Vulnerabilities > Netapp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-10 | CVE-2017-7345 | Information Exposure vulnerability in Netapp Clustered Data Ontap 7.1 NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.3 |
| 2017-03-15 | CVE-2016-7103 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. | 6.1 |
| 2017-02-07 | CVE-2016-6495 | Information Exposure vulnerability in Netapp Data Ontap NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access. | 5.9 |
| 2017-02-07 | CVE-2016-5372 | Cross-Site Request Forgery (CSRF) vulnerability in Netapp Snap Creator Framework Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | 6.3 |
| 2017-01-30 | CVE-2016-2518 | Out-of-bounds Read vulnerability in multiple products The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | 5.3 |
| 2017-01-30 | CVE-2015-7977 | NULL Pointer Dereference vulnerability in multiple products ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | 5.9 |
| 2017-01-30 | CVE-2015-7973 | 7PK - Security Features vulnerability in multiple products NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. | 6.5 |
| 2016-12-05 | CVE-2016-7171 | Improper Certificate Validation vulnerability in Netapp Plug-In 2.0 NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation. | 5.6 |
| 2016-09-01 | CVE-2016-5047 | Unspecified vulnerability in Netapp Oncommand System Manager 8.3/8.3.1/8.3.2 NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors. | 6.5 |
| 2016-09-01 | CVE-2016-3064 | Information Exposure vulnerability in Netapp Clustered Data Ontap NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors. | 6.5 |