Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-03 CVE-2016-3400 7PK - Security Features vulnerability in Netapp Data Ontap 8.1/8.2
NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.
network
high complexity
netapp CWE-254
7.5
2017-06-20 CVE-2017-7668 Out-of-bounds Read vulnerability in multiple products
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string.
network
low complexity
apache netapp redhat debian oracle apple CWE-125
7.5
2017-05-26 CVE-2017-7439 Information Exposure vulnerability in Netapp Oncommand Unified Manager Core Package
NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages.
network
low complexity
netapp CWE-200
7.5
2017-05-26 CVE-2017-7236 SQL Injection vulnerability in Netapp Oncommand Unified Manager Core Package
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
netapp CWE-89
7.5
2017-05-19 CVE-2017-9078 Double Free vulnerability in multiple products
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
network
low complexity
dropbear-ssh-project debian netapp CWE-415
8.8
2017-04-10 CVE-2017-5988 Unspecified vulnerability in Netapp Clustered Data Ontap
NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.
network
low complexity
netapp
7.5
2017-03-01 CVE-2017-5995 Information Exposure vulnerability in Netapp Ontap Select Deploy Administration Utility
The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
netapp CWE-200
7.5
2017-03-01 CVE-2016-5374 Permissions, Privileges, and Access Controls vulnerability in Netapp Data Ontap 9.0/9.1
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.
network
low complexity
netapp CWE-264
8.8
2017-02-07 CVE-2016-4341 Information Exposure vulnerability in Netapp Clustered Data Ontap
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.
network
low complexity
netapp CWE-200
7.5
2017-02-07 CVE-2016-3063 Improper Encoding or Escaping of Output vulnerability in Netapp Oncommand System Manager
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors.
network
high complexity
netapp CWE-116
7.5