Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-07 CVE-2015-7692 Improper Input Validation vulnerability in multiple products
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).
network
low complexity
ntp oracle debian netapp redhat CWE-20
7.5
2017-08-07 CVE-2015-7691 Improper Input Validation vulnerability in multiple products
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations.
network
low complexity
ntp oracle debian netapp redhat CWE-20
7.5
2017-08-07 CVE-2015-7887 Improper Access Control vulnerability in Netapp Snapcenter Server 1.0
NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups.
network
low complexity
netapp CWE-284
8.1
2017-07-27 CVE-2016-8743 Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers.
network
low complexity
apache netapp debian redhat
7.5
2017-07-24 CVE-2015-7703 Improper Input Validation vulnerability in multiple products
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
network
low complexity
ntp oracle debian netapp redhat CWE-20
7.5
2017-07-03 CVE-2016-5045 Information Exposure vulnerability in Netapp Oncommand System Manager 8.3/8.3.1/8.3.2
NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup.
network
high complexity
netapp CWE-200
8.1
2017-07-03 CVE-2016-3998 Permissions, Privileges, and Access Controls vulnerability in Netapp Altavault
NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.
network
high complexity
netapp CWE-264
8.1
2017-07-03 CVE-2016-3997 7PK - Security Features vulnerability in Netapp Clustered Data Ontap 8.3.1
NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state.
network
high complexity
netapp CWE-254
7.5
2017-07-03 CVE-2016-3400 7PK - Security Features vulnerability in Netapp Data Ontap 8.1/8.2
NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.
network
high complexity
netapp CWE-254
7.5
2017-06-20 CVE-2017-7668 Out-of-bounds Read vulnerability in multiple products
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string.
network
low complexity
apache netapp redhat debian oracle apple CWE-125
7.5