Vulnerabilities > Netapp > Oncommand Unified Manager

DATE CVE VULNERABILITY TITLE RISK
2019-05-10 CVE-2019-5494 Cleartext Transmission of Sensitive Information vulnerability in Netapp Oncommand Unified Manager
OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
network
low complexity
netapp CWE-319
7.5
2019-04-08 CVE-2019-0211 Use After Free vulnerability in multiple products
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
7.8
2019-04-08 CVE-2019-0217 Race Condition vulnerability in multiple products
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
7.5
2019-03-21 CVE-2019-9898 Use of Insufficiently Random Values vulnerability in multiple products
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
network
low complexity
putty fedoraproject debian opensuse netapp CWE-330
critical
9.8
2019-03-21 CVE-2019-9897 Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
network
low complexity
putty fedoraproject debian netapp opensuse
7.5
2019-03-21 CVE-2019-9894 Key Management Errors vulnerability in multiple products
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
network
low complexity
putty fedoraproject debian netapp opensuse CWE-320
7.5
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2019-01-16 CVE-2019-2539 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection).
network
low complexity
oracle netapp redhat
4.9
2019-01-16 CVE-2019-2537 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).
network
low complexity
oracle canonical debian netapp mariadb redhat
4.9
2019-01-16 CVE-2019-2536 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging).
local
high complexity
oracle netapp redhat
5.0