Vulnerabilities > Netapp > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-10-16 CVE-2016-4461 Improper Input Validation vulnerability in multiple products
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
network
low complexity
apache netapp CWE-20
critical
 9.0
9.0
2017-08-10 CVE-2016-5018 In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
network
low complexity
apache netapp canonical debian redhat oracle
critical
 9.1
9.1
2017-08-08 CVE-2017-10111 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
network
low complexity
oracle debian redhat netapp
critical
 9.6
9.6
2017-08-08 CVE-2017-10107 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI).
network
low complexity
oracle debian redhat netapp
critical
 9.6
9.6
2017-08-08 CVE-2017-10102 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI).
network
high complexity
oracle debian phoenixcontact netapp redhat
critical
 9.0
9.0
2017-08-08 CVE-2017-10101 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP).
network
low complexity
oracle debian redhat netapp
critical
 9.6
9.6
2017-08-08 CVE-2017-10096 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP).
network
low complexity
oracle debian redhat netapp
critical
 9.6
9.6
2017-08-08 CVE-2017-10090 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
network
low complexity
oracle debian netapp redhat
critical
 9.6
9.6
2017-08-08 CVE-2017-10087 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
network
low complexity
oracle debian redhat netapp
critical
 9.6
9.6
2017-07-13 CVE-2017-9788 Improper Input Validation vulnerability in multiple products
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest.
network
low complexity
apache debian apple netapp redhat oracle CWE-20
critical
 9.1
9.1