Lucene search
K
NetappOncommand Balance

83 matches found

CVE
CVE
added 2017/10/19 5:0 p.m.220 views

CVE-2017-10384

CVE-2017-10384 affects the MySQL Server component (Server: DDL) of Oracle MySQL. Affected versions include 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. An attacker with network access via multiple protocols and low privileges can cause a hang or a complete denial of service in ...

6.5CVSS5.5AI score0.03103EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.218 views

CVE-2017-10198

CVE-2017-10198 affects Oracle Java SE, Java SE Embedded, and JRockit. Vulnerability in the Security component (and related areas) allows unauthenticated network-based access to compromise affected Java runtimes (Java SE 6u151, 7u141, 8u131; Embedded 8u131; JRockit R28.3.14). Exploitation is possi...

6.8CVSS6.8AI score0.02598EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.217 views

CVE-2017-10309

CVE-2017-10309 involves the Deployment subcomponent of Oracle Java SE. Public details in the provided documents indicate an XML External Entity/Information Disclosure style vulnerability affecting Java 8u144 and Java 9 deployments, with network-accessible exploitation requiring user interaction. ...

7.1CVSS7AI score0.08794EPSS
Web
CVE
CVE
added 2017/10/19 5:0 p.m.206 views

CVE-2017-10379

CVE-2017-10379 concerns the MySQL Server client-side component of Oracle MySQL. Affected versions are 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability can be exploited by a low-privileged attacker with network access via multiple protocols, potentially leading to ...

6.5CVSS5.2AI score0.02298EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.199 views

CVE-2017-10078

CVE-2017-10078 affects Oracle Java SE 8u131 (Scripting) and can be exploited over network with multiple protocols, enabling high-impact confidentiality and integrity violations and data access. The vulnerability can be triggered by sandboxed Web Start/Applet use or via APIs without sandboxing. Th...

8.1CVSS7.8AI score0.02402EPSS
CVE
CVE
added 2017/01/30 9:0 p.m.197 views

CVE-2016-2518

CVE-2016-2518 affects NTP ntpd: MATCH_ASSOC() can trigger an out-of-bounds reference when handling addpeer with a large hmode. Affected versions are ntpd before 4.2.8p9 and 4.3.x before 4.3.92. Impact is a potential crash/denial of service via crafted packets. Mitigation: upgrade to fixed release...

5.3CVSS6.2AI score0.15081EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.197 views

CVE-2017-10293

CVE-2017-10293 is a vulnerability in the Oracle Java SE Javadoc component affecting Java SE versions 6u161, 7u151, 8u144, and 9. It permits an unauthenticated attacker with network access via HTTP to potentially read and modify Java data and read data, with user interaction required for exploitat...

6.1CVSS6.1AI score0.01489EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.195 views

CVE-2017-10176

CVE-2017-10176 affects Oracle Java SE/SE Embedded/JRockit (OpenJDK/OpenJDK components) with affected releases including Java SE 7u141 and 8u131, SE Embedded 8u131, JRockit R28.3.14. The vulnerability enables an unauthenticated network attacker to access or take data via multiple protocols and can...

7.5CVSS7AI score0.05034EPSS
CVE
CVE
added 2017/01/30 9:0 p.m.194 views

CVE-2015-7977

CVE-2015-7977 : ntpd/nptdsp (NTP) vulnerability where processing of the ntpdc reslist command could cause a NULL pointer dereference and crash ntpd. This is triggered by large restriction lists. Affects ntpd/ntpdc in NTP 4.2.x leading up to 4.2.8p6 and 4.3.x prior to 4.3.90. Remediation: upgrade ...

5.9CVSS6.3AI score0.06295EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.190 views

CVE-2017-10114

CVE-2017-10114 affects the Java SE/JavaFX component; specifically Java SE 7u141 and 8u131. The vulnerability is described as difficult to exploit, requiring network access via multiple protocols and user interaction, with potential takeover of Java SE and possible impact on other products relying...

8.3CVSS8.5AI score0.0229EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.186 views

CVE-2015-7855

CVE-2015-7855 affects ntpd in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. The decodenetnum() function can assert-botch when processing mode 6 or mode 7 packets with an unusually long data value, enabling a remote attacker to cause ntpd to crash (denial of service). Public references indicat...

6.5CVSS7.4AI score0.31068EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.185 views

CVE-2015-7850

CVE-2015-7850 affects ntpd/NTP with remote configuration enabled; vulnerability caused by pointing the key file at the log file, leading to DoS (infinite loop or crash) and potentially large logs. Affected: ntpd in 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. Mitigation/remediation documented ac...

6.5CVSS7.2AI score0.04973EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.185 views

CVE-2017-10118

CVE-2017-10118 affects Oracle Java SE/JRockit/JCE with a timing-channel vulnerability in ECDSA within the JCE component. A remote attacker could potentially recover private keys by observing timing differences, enabling unauthenticated network-remote exploitation on affected OpenJDK/JRockit confi...

7.5CVSS7AI score0.02972EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.184 views

CVE-2017-10111

CVE-2017-10111 affects Oracle Java OpenJDK’s Libraries component (Java SE). The connected advisories confirm vulnerable versions include Java SE 8u131 and Java SE Embedded 8u131, with exploitation described as arbitrary code execution via the LambdaFormEditor bounds checks in the Libraries, enabl...

9.6CVSS9AI score0.02132EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.183 views

CVE-2017-10105

CVE-2017-10105 is a vulnerability in the Oracle Java SE Deployment component affecting Java SE 6u151, 7u141, and 8u131. The connected CHAINGUARD entry confirms a vulnerability in Oracle Java SE Deployment with unspecified root cause and a potential impact to data integrity, but does not provide p...

4.3CVSS4.4AI score0.01913EPSS
CVE
CVE
added 2017/01/30 9:0 p.m.172 views

CVE-2015-7973

CVE-2015-7973 affects the NTP reference implementation (ntpd) prior to 4.2.8p6 and 4.3.x prior to 4.3.90. When configured in broadcast mode, authenticated broadcast packets can be recorded and replayed by an on‑path or MITM attacker, enabling a replay attack and unauthorized time updates. Public ...

6.5CVSS6.7AI score0.03334EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.168 views

CVE-2017-10125

CVE-2017-10125 is described in the initial document as a vulnerability in the Oracle Java SE Deployment component affecting Java SE 7u141 and 8u131. The impact is stated as potentially allowing takeover of Java SE, with CVSS 3.0/3.1 metrics indicating a physical access prerequisite (HPC: PHYSICAL...

7.1CVSS7.6AI score0.0063EPSS
CVE
CVE
added 2016/01/26 7:0 p.m.166 views

CVE-2015-7974

CVE-2015-7974 concerns the NTP reference implementation. The issue arises when authenticated packets are processed: symmetric-key peer associations are not properly verified, potentially enabling a remote attacker to impersonate a trusted peer (skeleton key). Affected are NTP 4.x prior to 4.2.8p6...

7.7CVSS7.6AI score0.05658EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.166 views

CVE-2017-10086

CVE-2017-10086 affects Oracle Java SE (JavaFX) in Java 7u141 and 8u131. Descriptions indicate an easily exploitable, network-accessible vulnerability that can be exploited with no authentication and user interaction, potentially leading to takeover of Java SE. The connected documents cite this CV...

9.6CVSS9AI score0.02132EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.165 views

CVE-2015-7852

CVE-2015-7852 is an off-by-one vulnerability in ntpq’s cookedprint() which can allow a crafted mode 6 packet to cause a buffer overflow and crash ntpd. Public references (Debian DSA-3388-1, CentOS advisories) confirm ntpq/cookedprint as the vulnerable component and describe a DoS via remote craft...

5.9CVSS7.1AI score0.12282EPSS
CVE
CVE
added 2019/01/16 8:0 p.m.160 views

CVE-2017-3137

CVE-2017-3137 is a denial-of-service issue in BIND where a response containing CNAME or DNAME records can cause named to exit with an assertion failure when records are in an unusual order. Affected upstream releases include multiple 9.x series (e.g., 9.9.9-P6 through 9.11.1rc1, 9.9.9-S8; also li...

7.5CVSS7.1AI score0.08902EPSS
CVE
CVE
added 2019/01/16 8:0 p.m.151 views

CVE-2017-3138

CVE-2017-3138 affects the BIND/named control channel. A regression can cause named to exit with a REQUIRE assertion failure when it receives a null command string on the control channel, potentially enabling denial-of-service. Affected versions in the CVE scope include BIND 9.9.9 through 9.11.1rc...

6.5CVSS6.3AI score0.05478EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.124 views

CVE-2015-7849

CVE-2015-7849 is a use-after-free vulnerability in ntpd (NTP) affecting 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. The available connected documents describe that remote authenticated users can potentially execute arbitrary code or cause a denial of service (crash) by sending crafted NTP packe...

8.8CVSS9.1AI score0.16848EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.120 views

CVE-2017-10365

CVE-2017-10365 concerns a vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). The affected versions are 5.7.18 and earlier. An attacker with network access via multiple protocols and with high privileges can potentially compromise MySQL Server, leading to unauthori...

5.5CVSS3.3AI score0.01571EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.118 views

CVE-2017-10286

CVE-2017-10286 affects the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). The F5 advisory confirms the vulnerability is exploitable over the network by a high-privileged attacker with access via multiple protocols, and can cause a hang or crash (complete DOS). Affected versions in...

4.4CVSS4.3AI score0.02465EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.117 views

CVE-2015-7854

CVE-2015-7854 is a memory corruption vulnerability in ntpd’s password management. A crafted key file can trigger a buffer overflow, potentially crashing the daemon or allowing arbitrary code execution by remote authenticated users. Affected are NTP 4.2.x prior to 4.2.8p4 and 4.3.x prior to 4.3.77...

8.8CVSS9.3AI score0.1456EPSS
CVE
CVE
added 2019/01/16 8:0 p.m.113 views

CVE-2017-3140

CVE-2017-3140 describes an RPZ rule processing error in BIND that can cause named to enter an endless loop when handling a query. Affected BIND versions per sources include 9.9.10, 9.10.5, 9.11.0–9.11.1, 9.9.10-S1, 9.10.5-S1. Public advisories differ on impact to vendor products; F5 notes not aff...

5.9CVSS4.9AI score0.1213EPSS
CVE
CVE
added 2017/01/06 9:0 p.m.107 views

CVE-2015-7848

CVE-2015-7848 is an NTP daemon vulnerability where an integer overflow in ntpd processing a crafted private mode (MODE_PRIVATE) packet can cause an out-of-bounds memory copy, leading to an immediate crash. The exploit requires a packet with a valid timestamp and correct MAC. Connected sources con...

7.5CVSS8.6AI score0.06096EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.105 views

CVE-2017-10320

CVE-2017-10320 affects the MySQL Server component (InnoDB) of Oracle MySQL. Affected versions are 5.7.19 and earlier. An attacker with network access via multiple protocols can exploit this to cause a hang or a crash (DOS) of MySQL Server. The CVSS v3 base score is 4.9 (Availability impact). Reme...

4.9CVSS4.7AI score0.01942EPSS
CVE
CVE
added 2017/12/01 4:0 p.m.105 views

CVE-2017-15707

Apache Struts REST plugin (versions 2.5–2.5.14) is vulnerable due to the REST plugin using an outdated JSON-lib library, enabling a remote attacker to cause a denial of service by sending a specially crafted JSON payload. Vulnerable component: Struts 2.x with REST plugin; root cause: insecure JSO...

6.2CVSS6.2AI score0.04889EPSS
CVE
CVE
added 2017/10/16 4:0 p.m.78 views

CVE-2016-4461

CVE-2016-4461: Apache Struts vulnerability causing remote code execution via forced double OGNL evaluation. IBM/security bulletins show affected IBM FlashSystem products (V840, V900, Storwize/SAN volumes) with vulnerable VRMFs and the need to upgrade to fixed code levels. IBM Bulletins list affec...

9CVSS8.8AI score0.0802EPSS
CVE
CVE
added 2015/02/06 11:0 a.m.77 views

CVE-2014-9354

CVE-2014-9354 affects NetApp OnCommand Balance before 4.2P3. The vulnerability enables local users to obtain sensitive information due to cleartext storage. Affected product: NetApp OnCommand Balance; root cause: cleartext storage leading to information disclosure. Potential impact: exposure of s...

4CVSS5.8AI score0.00952EPSS
CVE
CVE
added 2015/02/06 11:0 a.m.46 views

CVE-2014-9353

Affected product: NetApp OnCommand Balance. Vulnerability: presence of a default privileged account in Balance prior to version 4.2P2, enabling remote privilege elevation via unspecified vectors. Root cause: default privileged account included in the application. Impact: attacker could gain privi...

10CVSS7.1AI score0.02937EPSS
Total number of security vulnerabilities83