Vulnerabilities > Netapp > Oncommand Unified Manager > 9.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-17 | CVE-2018-15473 | Race Condition vulnerability in multiple products OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | 5.3 |
| 2018-05-16 | CVE-2018-11212 | Divide By Zero vulnerability in multiple products An issue was discovered in libjpeg 9a and 9d. | 4.3 |
| 2018-05-16 | CVE-2018-8014 | Insecure Default Initialization of Resource vulnerability in multiple products The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. | 9.8 |
| 2018-05-11 | CVE-2018-1258 | Incorrect Authorization vulnerability in multiple products Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. | 6.5 |
| 2018-04-19 | CVE-2018-2839 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 4.0 |
| 2018-04-19 | CVE-2018-2826 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). | 8.3 |
| 2018-04-19 | CVE-2018-2825 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). | 8.3 |
| 2018-04-19 | CVE-2018-2813 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 4.0 |
| 2018-01-21 | CVE-2016-10708 | NULL Pointer Dereference vulnerability in multiple products sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | 7.5 |
| 2017-10-19 | CVE-2017-10388 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). | 7.5 |