Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-08-07 CVE-2015-7702 Improper Input Validation vulnerability in multiple products
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).
network
low complexity
ntp oracle debian netapp redhat CWE-20
6.5
2017-07-25 CVE-2017-8919 Unspecified vulnerability in Netapp Oncommand API Services 1.0/1.1/1.2
NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors.
network
low complexity
netapp
6.5
2017-07-17 CVE-2017-7947 Information Exposure vulnerability in Netapp Clustered Data Ontap 8.3.2/9.0/9.1
NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line.
network
low complexity
netapp CWE-200
6.5
2017-04-10 CVE-2017-7345 Information Exposure vulnerability in Netapp Clustered Data Ontap 7.1
NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
netapp CWE-200
5.3
2017-03-15 CVE-2016-7103 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
6.1
2017-02-07 CVE-2016-6495 Information Exposure vulnerability in Netapp Data Ontap
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access.
network
high complexity
netapp CWE-200
5.9
2017-02-07 CVE-2016-5372 Cross-Site Request Forgery (CSRF) vulnerability in Netapp Snap Creator Framework
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
network
low complexity
netapp CWE-352
6.3
2017-01-30 CVE-2016-2518 Out-of-bounds Read vulnerability in multiple products
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
network
low complexity
ntp debian netapp oracle redhat freebsd siemens CWE-125
5.3
2017-01-30 CVE-2015-7977 NULL Pointer Dereference vulnerability in multiple products
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
5.9
2017-01-30 CVE-2015-7973 7PK - Security Features vulnerability in multiple products
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
network
high complexity
ntp siemens freebsd netapp canonical CWE-254
6.5