Vulnerabilities > Netapp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-24 | CVE-2015-7703 | Improper Input Validation vulnerability in NTP The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. | 4.3 |
| 2017-07-17 | CVE-2017-7947 | Information Exposure vulnerability in Netapp Clustered Data Ontap 8.3.2/9.0/9.1 NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line. | 5.0 |
| 2017-07-13 | CVE-2017-9788 | Improper Input Validation vulnerability in multiple products In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. | 9.1 |
| 2017-07-10 | CVE-2017-11147 | Out-of-bounds Read vulnerability in multiple products In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c. | 9.1 |
| 2017-07-03 | CVE-2016-5045 | Information Exposure vulnerability in Netapp Oncommand System Manager 8.3/8.3.1/8.3.2 NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup. | 6.8 |
| 2017-07-03 | CVE-2016-3998 | Permissions, Privileges, and Access Controls vulnerability in Netapp Altavault NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. | 5.1 |
| 2017-07-03 | CVE-2016-3997 | 7PK - Security Features vulnerability in Netapp Clustered Data Ontap 8.3.1 NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state. | 6.8 |
| 2017-07-03 | CVE-2016-3400 | 7PK - Security Features vulnerability in Netapp Data Ontap 8.1/8.2 NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. | 6.8 |
| 2017-06-20 | CVE-2017-7668 | Out-of-bounds Read vulnerability in multiple products The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. | 7.5 |
| 2017-06-20 | CVE-2017-3167 | Improper Authentication vulnerability in multiple products In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. | 9.8 |