Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2017-10-19 CVE-2017-10286 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB).
network
high complexity
oracle netapp mariadb
4.4
4.4
2017-10-19 CVE-2017-10285 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI).
network
low complexity
oracle debian redhat netapp
critical
 9.6
9.6
2017-10-19 CVE-2017-10281 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization).
network
low complexity
oracle debian redhat netapp
5.3
5.3
2017-10-19 CVE-2017-10274 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO).
network
high complexity
oracle debian redhat netapp
6.8
6.8
2017-10-19 CVE-2017-10268 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).
local
high complexity
oracle debian redhat mariadb netapp
4.1
4.1
2017-10-16 CVE-2016-4461 Improper Input Validation vulnerability in multiple products
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
network
low complexity
apache netapp CWE-20
8.8
8.8
2017-10-04 CVE-2017-12617 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g.
network
high complexity
apache canonical oracle debian netapp redhat CWE-434
8.1
8.1
2017-09-19 CVE-2017-12615 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g.
network
high complexity
apache netapp redhat CWE-434
8.1
8.1
2017-09-15 CVE-2017-9805 Deserialization of Untrusted Data vulnerability in multiple products
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
network
high complexity
apache cisco netapp CWE-502
8.1
8.1
2017-09-01 CVE-2017-14053 Information Exposure vulnerability in Netapp Oncommand Unified Manager for Clustered Data Ontap 6.3/6.4/7.2
NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
network
low complexity
netapp CWE-200
7.5
7.5