Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-17 CVE-2018-15473 Race Condition vulnerability in multiple products
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
5.3
2018-08-07 CVE-2018-15132 Information Exposure vulnerability in PHP
An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8.
network
low complexity
php netapp CWE-200
5.0
2018-08-03 CVE-2018-5490 Incorrect Permission Assignment for Critical Resource vulnerability in Netapp Clustered Data Ontap
Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients.
network
low complexity
netapp CWE-732
6.5
2018-08-03 CVE-2018-5489 Incorrect Authorization vulnerability in Netapp 7-Mode Transition Tool
NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users.
network
low complexity
netapp CWE-863
4.0
2018-08-03 CVE-2018-14884 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1.
network
low complexity
php netapp CWE-476
5.0
2018-08-03 CVE-2018-14883 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8.
network
low complexity
php canonical debian netapp CWE-125
5.0
2018-08-02 CVE-2018-14851 Out-of-bounds Read vulnerability in PHP
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.
4.3
2018-08-02 CVE-2017-9118 Out-of-bounds Read vulnerability in multiple products
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
network
low complexity
php netapp CWE-125
5.0
2018-07-31 CVE-2017-13652 Improper Input Validation vulnerability in Netapp Oncommand Insight
NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface.
network
netapp CWE-20
4.3
2018-07-18 CVE-2018-3081 Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). 4.9