Vulnerabilities > Netapp > Oncommand Unified Manager Core Package > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-15 CVE-2020-14621 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). 5.3
2020-06-29 CVE-2020-14002 Information Exposure Through Discrepancy vulnerability in multiple products
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation.
network
high complexity
putty netapp fedoraproject CWE-203
5.9
2020-04-02 CVE-2020-1927 Open Redirect vulnerability in multiple products
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
6.1
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2017-10-26 CVE-2017-15906 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
network
low complexity
openbsd oracle debian netapp redhat CWE-732
5.3
2017-05-26 CVE-2017-7439 Information Exposure vulnerability in Netapp Oncommand Unified Manager Core Package
NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages.
network
low complexity
netapp CWE-200
5.0
2017-05-26 CVE-2017-7236 SQL Injection vulnerability in Netapp Oncommand Unified Manager Core Package
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
netapp CWE-89
5.0