Vulnerabilities > Netapp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-01 | CVE-2016-3064 | Information Exposure vulnerability in Netapp Clustered Data Ontap NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors. | 4.0 |
| 2016-04-07 | CVE-2016-1563 | Improper Input Validation vulnerability in Netapp Clustered Data Ontap 8.3.1 NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
| 2016-01-26 | CVE-2015-7974 | Improper Authentication vulnerability in multiple products NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." | 4.0 |
| 2016-01-18 | CVE-2015-7886 | Information Exposure vulnerability in Netapp Data Ontap NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors. | 4.3 |
| 2015-02-06 | CVE-2014-9354 | Information Exposure vulnerability in Netapp Oncommand Balance 4.2 NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage. | 4.0 |
| 2014-11-24 | CVE-2010-5312 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. | 6.1 |
| 2007-05-21 | CVE-2007-2768 | Information Exposure vulnerability in multiple products OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243. | 4.3 |