Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2017-05-26 CVE-2017-7439 Information Exposure vulnerability in Netapp Oncommand Unified Manager Core Package
NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages.
network
low complexity
netapp CWE-200
7.5
2017-05-26 CVE-2017-7236 SQL Injection vulnerability in Netapp Oncommand Unified Manager Core Package
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
netapp CWE-89
7.5
2017-05-19 CVE-2017-9078 Double Free vulnerability in multiple products
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
network
low complexity
dropbear-ssh-project debian netapp CWE-415
8.8
2017-04-10 CVE-2017-5988 Unspecified vulnerability in Netapp Clustered Data Ontap
NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.
network
low complexity
netapp
7.5
2017-03-01 CVE-2017-5995 Information Exposure vulnerability in Netapp Ontap Select Deploy Administration Utility
The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
netapp CWE-200
7.5
2017-03-01 CVE-2016-5374 Permissions, Privileges, and Access Controls vulnerability in Netapp Data Ontap 9.0/9.1
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.
network
low complexity
netapp CWE-264
8.8
2017-02-07 CVE-2016-4341 Information Exposure vulnerability in Netapp Clustered Data Ontap
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.
network
low complexity
netapp CWE-200
7.5
2017-02-07 CVE-2016-3063 Improper Encoding or Escaping of Output vulnerability in Netapp Oncommand System Manager
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors.
network
high complexity
netapp CWE-116
7.5
2017-02-07 CVE-2016-1894 Improper Access Control vulnerability in Netapp Oncommand Workflow Automation 2.2.1/3.0/3.1
NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors.
network
high complexity
netapp CWE-284
8.1
2017-02-07 CVE-2016-1502 Improper Authentication vulnerability in Netapp Snapcenter Server 1.0
NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors.
network
low complexity
netapp CWE-287
7.3