Page 89 of 460 results (0.013 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-1563

https://notcve.org/view.php?id=CVE-2016-1563

NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NetApp Clustered Data ONTAP 8.3.1 no verifica correctamente los certificados X.509 de servidores TLS, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un certificado manipulado. • https://kb.netapp.com/support/index?page=content&id=9010064 https://security.netapp.com/advisory/ntap-20160310-0002 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.9EPSS: 1%CPEs: 91EXPL: 0

CVE-2015-7977 – ntp: restriction list NULL pointer dereference

https://notcve.org/view.php?id=CVE-2015-7977

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. ntpd en NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) mediante un comando ntpdc reslist. A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html http://lists.opensuse.org/opensuse-security-announce&# • CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 0%CPEs: 81EXPL: 0

CVE-2015-7973

https://notcve.org/view.php?id=CVE-2015-7973

NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90, cuando está configurado en modo de difusión, permite a atacantes man-in-the-middle realizar ataques de repetición rastreando la red. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-08 • CWE-254: 7PK - Security Features •

CVSS: 7.7EPSS: 0%CPEs: 29EXPL: 1

CVE-2015-7974 – ntp: missing key check allows impersonation between authenticated peers (VU#357792)

https://notcve.org/view.php?id=CVE-2015-7974

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." NTP 4.x en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 no verifica las asociaciones del par de las claves simétricas cuando autentica paquetes, lo que podría permitir a atacante remotos llevar a cabo ataques de suplantación de identidad a través de una clave de confianza arbitraria, también conocida como "skeleton key". A flaw was found in the way NTP verified trusted keys during symmetric key authentication. An authenticated client (A) could use this flaw to modify a packet sent between a server (B) and a client (C) using a key that is different from the one known to the client (A). • http://bugs.ntp.org/show_bug.cgi?id=2936 http://rhn.redhat.com/errata/RHSA-2016-2583.html http://support.ntp.org/bin/view/Main/NtpBug2936 http://www.debian.org/security/2016/dsa-3629 http://www.securityfocus.com/bid/81960 http://www.securitytracker.com/id/1034782 http://www.talosintel.com/reports/TALOS-2016-0071 https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750e • CWE-287: Improper Authentication CWE-304: Missing Critical Step in Authentication •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-7886

https://notcve.org/view.php?id=CVE-2015-7886

NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors. NetApp Data ONTAP en versiones anterioers a 8.2.4P1, cuando 7-Mode y el acceso HTTP están habilitados, permite a atacantes remotos obtener información sensible del volumen a través de vectores no especificados. • http://kb.netapp.com/support/index?page=content&id=9010055 https://security.netapp.com/advisory/ntap-20160114-0002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •