Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2018-01-18 CVE-2018-2612 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).
network
low complexity
oracle mariadb netapp canonical debian
6.5
2018-01-18 CVE-2018-2581 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX).
network
low complexity
oracle redhat netapp
4.7
2018-01-18 CVE-2018-2562 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition).
network
low complexity
oracle mariadb debian canonical netapp redhat
7.1
2018-01-10 CVE-2017-17485 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw.
network
low complexity
fasterxml debian redhat netapp CWE-502
critical
9.8
2018-01-04 CVE-2017-5753 Information Exposure Through Discrepancy vulnerability in multiple products
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
5.6
2018-01-04 CVE-2017-5715 Information Exposure Through Discrepancy vulnerability in multiple products
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
5.6
2017-12-18 CVE-2017-14583 Improper Input Validation vulnerability in Netapp Clustered Data Ontap 9.0/9.1/9.2
NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments.
network
low complexity
netapp CWE-20
6.5
2017-12-11 CVE-2016-6904 Credentials Management vulnerability in Netapp Vasa Provider 6.0/6.X/7.0
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication.
network
high complexity
netapp CWE-255
8.1
2017-12-01 CVE-2017-15707 Improper Input Validation vulnerability in multiple products
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.
local
low complexity
apache netapp oracle CWE-20
6.2
2017-11-17 CVE-2017-15517 Information Exposure vulnerability in Netapp Altavault OST Plug-In
AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors.
local
low complexity
netapp CWE-200
5.5