High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-18	CVE-2018-2562	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). network low complexity oracle mariadb debian canonical netapp redhat	7.1
2017-12-11	CVE-2016-6904	Credentials Management vulnerability in Netapp Vasa Provider 6.0/6.X/7.0 Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. network high complexity netapp CWE-255	8.1
2017-11-16	CVE-2017-15516	Cross-Site Request Forgery (CSRF) vulnerability in Netapp Snapcenter Server 1.1/2.0 NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. network low complexity netapp CWE-352	8.8
2017-11-13	CVE-2016-8610	A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. network low complexity openssl debian redhat netapp paloaltonetworks oracle fujitsu	7.5
2017-11-07	CVE-2017-16642	Out-of-bounds Read vulnerability in multiple products In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. network low complexity php debian canonical netapp CWE-125	7.5
2017-10-19	CVE-2017-10388	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). network high complexity oracle redhat netapp debian	7.5
2017-10-19	CVE-2017-10309	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). network low complexity oracle redhat netapp	7.1
2017-10-16	CVE-2016-4461	Improper Input Validation vulnerability in multiple products Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. network low complexity apache netapp CWE-20	8.8
2017-10-04	CVE-2017-12617	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. network high complexity apache canonical oracle debian netapp redhat CWE-434	8.1
2017-09-19	CVE-2017-12615	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. network high complexity apache netapp redhat CWE-434	8.1