NetApp: Security Vulnerabilities
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2017-02-07
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2017-02-07
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2017-02-07
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2017-02-07
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access.
CVSS Score: 5.9 | EPSS Score: 0.003 | Published: 2017-02-07
NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contains a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS Score: 9.8 | EPSS Score: 0.022 | Published: 2017-02-07
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
CVSS Score: 7.1 | EPSS Score: 0.009 | Published: 2017-02-03
The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2017-02-02
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
CVSS Score: 5.3 | EPSS Score: 0.035 | Published: 2017-01-30
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
CVSS Score: 6.5 | EPSS Score: 0.086 | Published: 2017-01-30