Netapp

Oncommand Unified Manager Core Package

11 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2021-3156

Warning Exploit
  • EPSS 92.26%
  • Published 26.01.2021 21:15:12
  • Last modified 03.04.2025 19:47:48

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

9.1

CVE-2021-23926

  • EPSS 0.32%
  • Published 14.01.2021 15:15:13
  • Last modified 21.11.2024 05:52:03

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

4.3

CVE-2020-14779

  • EPSS 0.2%
  • Published 21.10.2020 15:15:18
  • Last modified 27.05.2025 16:42:14

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows una...

5

CVE-2020-14621

  • EPSS 0.46%
  • Published 15.07.2020 18:15:27
  • Last modified 27.05.2025 16:33:09

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenti...

5.9

CVE-2020-14002

  • EPSS 0.48%
  • Published 29.06.2020 18:15:11
  • Last modified 21.11.2024 05:02:19

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the ...

6.1

CVE-2020-1927

  • EPSS 11.3%
  • Published 02.04.2020 00:15:13
  • Last modified 21.11.2024 05:11:37

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

7.5

CVE-2019-17069

  • EPSS 0.47%
  • Published 01.10.2019 17:15:10
  • Last modified 21.11.2024 04:31:38

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.

5.9

CVE-2019-1559

  • EPSS 5.05%
  • Published 27.02.2019 23:29:00
  • Last modified 21.11.2024 04:36:48

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid...

5.3

CVE-2017-15906

  • EPSS 2.76%
  • Published 26.10.2017 03:29:00
  • Last modified 20.04.2025 01:37:25

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

7.5

CVE-2017-7236

  • EPSS 0.29%
  • Published 26.05.2017 01:29:00
  • Last modified 20.04.2025 01:37:25

SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.