Vulnerabilities > Netapp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-20 | CVE-2017-7668 | Out-of-bounds Read vulnerability in multiple products The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. | 7.5 |
| 2017-06-20 | CVE-2017-3167 | Improper Authentication vulnerability in multiple products In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. | 9.8 |
| 2017-05-26 | CVE-2017-7439 | Information Exposure vulnerability in Netapp Oncommand Unified Manager Core Package NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages. | 7.5 |
| 2017-05-26 | CVE-2017-7236 | SQL Injection vulnerability in Netapp Oncommand Unified Manager Core Package SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2017-05-23 | CVE-2016-9843 | The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | 9.8 |
| 2017-05-23 | CVE-2016-9841 | inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | 9.8 |
| 2017-05-21 | CVE-2017-9119 | Resource Exhaustion vulnerability in multiple products The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. | 9.8 |
| 2017-05-19 | CVE-2017-9078 | Double Free vulnerability in multiple products The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. | 8.8 |
| 2017-04-17 | CVE-2017-5645 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 9.8 |
| 2017-04-10 | CVE-2017-7345 | Information Exposure vulnerability in Netapp Clustered Data Ontap 7.1 NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.3 |