Vulnerabilities > Netapp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-19 | CVE-2017-10268 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). | 4.1 |
| 2017-10-16 | CVE-2016-4461 | Improper Input Validation vulnerability in multiple products Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. | 8.8 |
| 2017-10-04 | CVE-2017-12617 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. | 8.1 |
| 2017-09-19 | CVE-2017-12615 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. | 8.1 |
| 2017-09-15 | CVE-2017-9805 | Deserialization of Untrusted Data vulnerability in multiple products The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. | 8.1 |
| 2017-09-01 | CVE-2017-14053 | Information Exposure vulnerability in Netapp Oncommand Unified Manager for Clustered Data Ontap 6.3/6.4/7.2 NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 7.5 |
| 2017-09-01 | CVE-2017-12423 | Unspecified vulnerability in Netapp Clustered Data Ontap NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors. | 7.7 |
| 2017-09-01 | CVE-2017-12421 | Unspecified vulnerability in Netapp Clustered Data Ontap NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors. | 8.8 |
| 2017-09-01 | CVE-2016-1895 | Use of Externally-Controlled Format String vulnerability in Netapp Data Ontap NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling. | 6.5 |
| 2017-09-01 | CVE-2015-7746 | Improper Authentication vulnerability in Netapp Data Ontap NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language. | 9.8 |