Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK

2017-02-07 CVE-2016-3063 Improper Encoding or Escaping of Output vulnerability in Netapp Oncommand System Manager 2.0.2/2.1/2.2
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors.
local | netapp CWE-116 | 4.4

2017-02-07 CVE-2015-8544 Information Exposure vulnerability in Netapp Snapdrive 6.2.0.5007/6.2.1.5029/6.3.0.4601
NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors.
network | low complexity | netapp CWE-200 | 5.0

2017-02-07 CVE-2015-8322 Arbitrary Code Execution vulnerability in Netapp Data Ontap 8.3/8.3.1
NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
network | low complexity | netapp | 6.5

2017-01-30 CVE-2016-2518 Out-of-bounds Read vulnerability in multiple products
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
network | low complexity | ntp debian netapp oracle redhat freebsd siemens CWE-125 | 5.0

2017-01-30 CVE-2015-7977 NULL Pointer Dereference vulnerability in multiple products
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
4.3

2017-01-30 CVE-2015-7973 7PK - Security Features vulnerability in multiple products
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
5.8

2017-01-12 CVE-2016-9131 Improper Input Validation vulnerability in multiple products
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.
network | low complexity | isc debian redhat netapp CWE-20 | 5.0

2017-01-11 CVE-2016-6820 Information Exposure vulnerability in Netapp Metrocluster Tiebreaker
MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user.
network | low complexity | netapp CWE-200 | 5.0

2017-01-11 CVE-2015-8020 Information Exposure vulnerability in Netapp Clustered Data Ontap 8.0/8.3.1/8.3.2
Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure.
network | netapp CWE-200 | 4.3

2016-12-21 CVE-2016-7172 Information Exposure vulnerability in Netapp Snap Creator Framework
NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user.
network | low complexity | netapp CWE-200 | 5.0