Vulnerabilities > Netapp > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-15 | CVE-2017-9805 | Deserialization of Untrusted Data vulnerability in multiple products The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. | 8.1 |
2017-09-01 | CVE-2017-14053 | Information Exposure vulnerability in Netapp Oncommand Unified Manager for Clustered Data Ontap 6.3/6.4/7.2 NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 7.5 |
2017-09-01 | CVE-2017-12423 | Unspecified vulnerability in Netapp Clustered Data Ontap NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors. | 7.7 |
2017-09-01 | CVE-2017-12421 | Unspecified vulnerability in Netapp Clustered Data Ontap NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors. | 8.8 |
2017-08-18 | CVE-2017-12420 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Netapp Clustered Data Ontap Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code. | 8.8 |
2017-08-11 | CVE-2016-6796 | A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. | 7.5 |
2017-08-10 | CVE-2016-6797 | Incorrect Authorization vulnerability in multiple products The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. | 7.5 |
2017-08-08 | CVE-2017-10176 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). | 7.5 |
2017-08-08 | CVE-2017-10125 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). | 7.1 |
2017-08-08 | CVE-2017-10118 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). | 7.5 |