Oncommand Unified Manager

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-10	CVE-2019-5494	Cleartext Transmission of Sensitive Information vulnerability in Netapp Oncommand Unified Manager OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. network low complexity netapp CWE-319	7.5
2019-04-08	CVE-2019-0211	Use After Free vulnerability in multiple products In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. local low complexity apache fedoraproject canonical debian opensuse netapp redhat oracle CWE-416	7.8
2019-04-08	CVE-2019-0217	Race Condition vulnerability in multiple products In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. network high complexity apache debian fedoraproject canonical redhat opensuse netapp oracle CWE-362	7.5
2019-03-21	CVE-2019-9898	Use of Insufficiently Random Values vulnerability in multiple products Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. network low complexity putty fedoraproject debian opensuse netapp CWE-330 critical	9.8
2019-03-21	CVE-2019-9897	Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. network low complexity putty fedoraproject debian netapp opensuse	7.5
2019-03-21	CVE-2019-9894	Key Management Errors vulnerability in multiple products A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. network low complexity putty fedoraproject debian netapp opensuse CWE-320	7.5
2019-02-27	CVE-2019-1559	Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. network high complexity openssl canonical debian netapp f5 tenable opensuse fedoraproject mcafee redhat oracle paloaltonetworks nodejs CWE-203	5.9
2019-01-16	CVE-2019-2539	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). network low complexity oracle netapp redhat	4.9
2019-01-16	CVE-2019-2537	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). network low complexity oracle canonical debian netapp mariadb redhat	4.9
2019-01-16	CVE-2019-2536	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). local high complexity oracle netapp redhat	5.0