Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-06 CVE-2018-7185 The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
network
low complexity
ntp synology canonical netapp hpe oracle
7.5
2018-03-06 CVE-2018-7184 ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp.
network
low complexity
ntp synology slackware canonical netapp
7.5
2018-03-06 CVE-2018-7182 Out-of-bounds Read vulnerability in multiple products
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
network
low complexity
ntp canonical netapp CWE-125
7.5
2018-03-06 CVE-2017-15519 Improper Authentication vulnerability in Netapp Snapcenter Server 2.0/3.0/3.0.1
Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services.
network
low complexity
netapp CWE-287
7.2
2018-02-23 CVE-2017-15518 Information Exposure vulnerability in Netapp Oncommand API Services and Service Level Manager
All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password.
local
low complexity
netapp CWE-200
7.8
2018-01-29 CVE-2017-1779 Insufficiently Protected Credentials vulnerability in multiple products
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user.
local
low complexity
ibm netapp CWE-522
7.8
2018-01-22 CVE-2018-5968 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws.
network
high complexity
fasterxml debian redhat netapp CWE-502
8.1
2018-01-21 CVE-2016-10708 NULL Pointer Dereference vulnerability in multiple products
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
network
low complexity
openbsd debian canonical netapp CWE-476
7.5
2018-01-18 CVE-2018-2638 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment).
network
high complexity
oracle redhat netapp
8.3
2018-01-18 CVE-2018-2627 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer).
local
high complexity
oracle redhat netapp
7.5