Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-03 | CVE-2017-5943 | Cross-Site Request Forgery (CSRF) vulnerability in Bestpractical Request Tracker: Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL. | 8.8 |
2017-07-03 | CVE-2016-5045 | Information Exposure vulnerability in Netapp Oncommand System Manager 8.3/8.3.1/8.3.2: NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup. | 8.1 |
2017-07-03 | CVE-2016-3998 | Permissions, Privileges, and Access Controls vulnerability in Netapp Altavault: NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. | 8.1 |
2017-07-03 | CVE-2016-3997 | 7PK - Security Features vulnerability in Netapp Clustered Data Ontap 8.3.1: NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state. | 7.5 |
2017-07-03 | CVE-2016-3400 | 7PK - Security Features vulnerability in Netapp Data Ontap 8.1/8.2: NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. | 7.5 |
2017-07-02 | CVE-2017-8894 | HTTP Request Smuggling vulnerability in Aeroadmin 4.1: AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. | 8.1 |
2017-07-02 | CVE-2017-8893 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Aeroadmin 4.1: AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. | 7.5 |
2017-07-02 | CVE-2017-8797 | Improper Validation of Array Index vulnerability in Linux Kernel: The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. | 7.5 |
2017-07-02 | CVE-2017-0377 | Information Exposure vulnerability in Torproject TOR: Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families. | 7.5 |
2017-07-02 | CVE-2017-10790 | NULL Pointer Dereference vulnerability in GNU Libtasn1: The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. | 7.5 |