Vulnerabilities > Netapp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-01 | CVE-2017-12423 | Unspecified vulnerability in Netapp Clustered Data Ontap NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors. | 7.7 |
| 2017-09-01 | CVE-2017-12421 | Unspecified vulnerability in Netapp Clustered Data Ontap NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors. | 8.8 |
| 2017-09-01 | CVE-2016-1895 | Use of Externally-Controlled Format String vulnerability in Netapp Data Ontap NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling. | 6.5 |
| 2017-09-01 | CVE-2015-7746 | Improper Authentication vulnerability in Netapp Data Ontap NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language. | 9.8 |
| 2017-08-29 | CVE-2017-12422 | Improper Privilege Management vulnerability in Netapp Storagegrid Webscale NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors. | 6.5 |
| 2017-08-18 | CVE-2017-12420 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Netapp Clustered Data Ontap Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code. | 8.8 |
| 2017-08-18 | CVE-2017-12859 | Improper Input Validation vulnerability in Netapp Data Ontap NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors. | 5.9 |
| 2017-08-11 | CVE-2016-6796 | A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. | 7.5 |
| 2017-08-10 | CVE-2016-6797 | Incorrect Authorization vulnerability in multiple products The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. | 7.5 |
| 2017-08-10 | CVE-2016-6794 | When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. | 5.3 |