NetApp

OnCommand Unified Manager Core Package

11 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Warning: Exploit
  • EPSS 92.24%
  • Published 26.01.2021 21:15:12
  • Last modified 10.11.2025 14:41:45

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

  • EPSS 0.32%
  • Published 14.01.2021 15:15:13
  • Last modified 21.11.2024 05:52:03

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

  • EPSS 0.2%
  • Published 21.10.2020 15:15:18
  • Last modified 27.05.2025 16:42:14

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows una...

  • EPSS 0.46%
  • Published 15.07.2020 18:15:27
  • Last modified 27.05.2025 16:33:09

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenti...

  • EPSS 0.48%
  • Published 29.06.2020 18:15:11
  • Last modified 21.11.2024 05:02:19

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the ...

  • EPSS 11.3%
  • Published 02.04.2020 00:15:13
  • Last modified 21.11.2024 05:11:37

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

  • EPSS 0.47%
  • Published 01.10.2019 17:15:10
  • Last modified 21.11.2024 04:31:38

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.

  • EPSS 5.05%
  • Published 27.02.2019 23:29:00
  • Last modified 21.11.2024 04:36:48

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid...

  • EPSS 2.49%
  • Published 26.10.2017 03:29:00
  • Last modified 20.04.2025 01:37:25

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

  • EPSS 0.29%
  • Published 26.05.2017 01:29:00
  • Last modified 20.04.2025 01:37:25

SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.