NetApp Oncommand Balance
By the Year
In 2022 there have been 0 vulnerabilities in NetApp Oncommand Balance. Oncommand Balance did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 2 | 9.80 |
It may take a day or so for new Oncommand Balance vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent NetApp Oncommand Balance Security Vulnerabilities
CVE-2017-7525
9.8 - Critical
- February 06, 2018
A deserialization flaw was discovered in jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper.
Denylist / Deny List
CVE-2017-15095
9.8 - Critical
- February 06, 2018
A deserialization flaw was discovered in jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
Marshaling, Unmarshaling
CVE-2016-8610
7.5 - High
- November 13, 2017
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
Resource Exhaustion
CVE-2015-7855
6.5 - Medium
- August 07, 2017
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a mode 6 or mode 7 packet containing a long data value.
Improper Input Validation
CVE-2015-7871
9.8 - Critical
- August 07, 2017
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allow remote attackers to bypass authentication.
authentification
CVE-2015-7853
9.8 - Critical
- August 07, 2017
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
Classic Buffer Overflow
CVE-2015-7973
6.5 - Medium
- January 30, 2017
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
7PK - Security Features
CVE-2015-7977
5.9 - Medium
- January 30, 2017
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via an ntpdc reslist command.
NULL Pointer Dereference
CVE-2016-2518
5.3 - Medium
- January 30, 2017
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
Out-of-bounds Read
CVE-2015-7974
7.7 - High
- January 26, 2016
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
authentification
