Vulnerabilities > Netapp > Oncommand Unified Manager

DATE CVE VULNERABILITY TITLE RISK
2021-01-28 CVE-2020-8585 Link Following vulnerability in Netapp Oncommand Unified Manager
OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).
local
low complexity
netapp CWE-59
2.1
2020-10-21 CVE-2020-14803 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries).
network
low complexity
oracle netapp debian opensuse
5.0
2020-10-21 CVE-2020-14798 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries).
network
high complexity
oracle netapp debian opensuse
2.6
2020-10-21 CVE-2020-14797 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). 4.3
2020-10-21 CVE-2020-14796 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries).
network
high complexity
oracle netapp opensuse debian
2.6
2020-10-21 CVE-2020-14792 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). 5.8
2019-11-28 CVE-2019-18276 Improper Check for Dropped Privileges vulnerability in multiple products
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11.
local
low complexity
gnu netapp oracle CWE-273
7.8
2019-09-16 CVE-2019-5482 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
network
low complexity
haxx fedoraproject opensuse netapp oracle debian CWE-787
critical
9.8
2019-07-02 CVE-2019-5443 Uncontrolled Search Path Element vulnerability in multiple products
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation.
4.4
2019-05-10 CVE-2019-5495 7PK - Security Features vulnerability in Netapp Oncommand Unified Manager
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
network
low complexity
netapp CWE-254
5.0