Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2017-07-03 CVE-2016-5045 Information Exposure vulnerability in Netapp Oncommand System Manager 8.3/8.3.1/8.3.2
NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup.
network
high complexity
netapp CWE-200
8.1
8.1
2017-07-03 CVE-2016-3998 Permissions, Privileges, and Access Controls vulnerability in Netapp Altavault
NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.
network
high complexity
netapp CWE-264
8.1
8.1
2017-07-03 CVE-2016-3997 7PK - Security Features vulnerability in Netapp Clustered Data Ontap 8.3.1
NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state.
network
high complexity
netapp CWE-254
7.5
7.5
2017-07-03 CVE-2016-3400 7PK - Security Features vulnerability in Netapp Data Ontap 8.1/8.2
NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.
network
high complexity
netapp CWE-254
7.5
7.5
2017-06-20 CVE-2017-7668 Out-of-bounds Read vulnerability in multiple products
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string.
network
low complexity
apache netapp redhat debian oracle apple CWE-125
7.5
7.5
2017-06-20 CVE-2017-3167 Improper Authentication vulnerability in multiple products
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
network
low complexity
apache netapp redhat apple debian oracle CWE-287
critical
 9.8
9.8
2017-05-26 CVE-2017-7439 Information Exposure vulnerability in Netapp Oncommand Unified Manager Core Package
NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages.
network
low complexity
netapp CWE-200
7.5
7.5
2017-05-26 CVE-2017-7236 SQL Injection vulnerability in Netapp Oncommand Unified Manager Core Package
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
netapp CWE-89
7.5
7.5
2017-05-23 CVE-2016-9843 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
network
low complexity
zlib opensuse debian canonical oracle redhat apple netapp mariadb nodejs
critical
 9.8
9.8
2017-05-23 CVE-2016-9841 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
network
low complexity
zlib opensuse debian canonical oracle redhat apple netapp nodejs
critical
 9.8
9.8