IDCVSSSummaryLast (major) updatePublished
CVE-2018-5740 5.0
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feat
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2018-5737 5.0
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2018-5736 3.5
An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an a
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2018-5734 5.0
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the requ
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3145 5.0
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3140 4.3
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3138 3.5
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has create
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3137 5.0
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which record
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3136 4.3
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3135 4.3
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2016-9778 4.3
An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an at
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2018-5496 2.1
Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
04-12-2018 - 15:29 04-12-2018 - 15:29
CVE-2018-18066 5.0
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
08-10-2018 - 14:29 08-10-2018 - 14:29
CVE-2018-18065 4.0
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
08-10-2018 - 14:29 08-10-2018 - 14:29
CVE-2016-1895 4.0
NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling.
01-09-2017 - 17:29 01-09-2017 - 17:29
CVE-2015-7746 7.5
NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language.
01-09-2017 - 09:29 01-09-2017 - 09:29
CVE-2017-12859 4.3
NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors.
18-08-2017 - 12:29 18-08-2017 - 12:29
CVE-2016-3400 6.8
NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.
03-07-2017 - 12:29 03-07-2017 - 12:29
CVE-2016-5374 6.5
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.
14-03-2017 - 11:36 01-03-2017 - 15:59
CVE-2015-8322 6.5
NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
24-02-2017 - 15:02 07-02-2017 - 12:59
CVE-2016-6495 4.3
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access.
24-02-2017 - 13:52 07-02-2017 - 12:59
CVE-2015-7886 4.3
NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors.
21-01-2016 - 19:25 18-01-2016 - 00:59
CVE-2008-3349 10.0
Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related
10-09-2008 - 21:12 28-07-2008 - 13:41
Back to Top Mark selected
Back to Top