Vulnerabilities > Netapp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-18 | CVE-2017-14583 | Improper Input Validation vulnerability in Netapp Clustered Data Ontap 9.0/9.1/9.2 NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments. | 6.5 |
| 2017-12-01 | CVE-2017-15707 | Improper Input Validation vulnerability in multiple products In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. | 6.2 |
| 2017-11-17 | CVE-2017-15517 | Information Exposure vulnerability in Netapp Altavault OST Plug-In AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. | 5.5 |
| 2017-11-10 | CVE-2017-5201 | Information Exposure vulnerability in Netapp Clustered Data Ontap 8.1.4/9.0 NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064. | 5.7 |
| 2017-11-10 | CVE-2017-11461 | Improper Input Validation vulnerability in Netapp Oncommand Unified Manager 5.1 NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface. | 4.3 |
| 2017-10-26 | CVE-2017-15906 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | 5.3 |
| 2017-10-19 | CVE-2017-10384 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 6.5 |
| 2017-10-19 | CVE-2017-10379 | Incorrect Authorization vulnerability in multiple products Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). | 6.5 |
| 2017-10-19 | CVE-2017-10378 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 6.5 |
| 2017-10-19 | CVE-2017-10357 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). | 5.3 |