Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-09-16 CVE-2018-17082 Cross-site Scripting vulnerability in multiple products
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.
network
low complexity
php debian netapp CWE-79
6.1
2018-08-28 CVE-2018-15919 Information Exposure vulnerability in multiple products
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use.
network
low complexity
openbsd netapp CWE-200
5.3
2018-08-17 CVE-2018-15473 Race Condition vulnerability in multiple products
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
5.3
2018-08-03 CVE-2018-5489 Incorrect Authorization vulnerability in Netapp 7-Mode Transition Tool
NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users.
network
low complexity
netapp CWE-863
6.5
2018-08-02 CVE-2018-14851 Out-of-bounds Read vulnerability in multiple products
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.
local
low complexity
php canonical debian netapp CWE-125
5.5
2018-07-31 CVE-2017-13652 Improper Input Validation vulnerability in Netapp Oncommand Insight
NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface.
network
low complexity
netapp CWE-20
6.5
2018-07-18 CVE-2018-3081 Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs).
network
high complexity
oracle netapp canonical debian mariadb redhat
5.0
2018-07-18 CVE-2018-3080 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).
network
low complexity
oracle netapp
4.9
2018-07-18 CVE-2018-3079 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).
network
low complexity
oracle netapp
4.9
2018-07-18 CVE-2018-3078 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).
network
low complexity
oracle netapp
4.9