Vulnerabilities > Netapp > Oncommand Unified Manager > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-16 | CVE-2019-5482 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | 9.8 |
2019-03-21 | CVE-2019-9898 | Use of Insufficiently Random Values vulnerability in multiple products Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | 9.8 |
2018-10-17 | CVE-2018-10933 | Improper Authentication vulnerability in multiple products A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. | 9.1 |
2018-07-18 | CVE-2018-2938 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). | 9.0 |
2018-06-26 | CVE-2017-7657 | HTTP Request Smuggling vulnerability in multiple products In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. | 9.8 |
2018-05-24 | CVE-2018-5487 | Improper Input Validation vulnerability in Netapp Oncommand Unified Manager 7.2/7.3 NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. | 9.8 |
2018-05-16 | CVE-2018-8014 | Insecure Default Initialization of Resource vulnerability in multiple products The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. | 9.8 |
2017-10-19 | CVE-2017-10285 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). | 9.6 |
2017-10-19 | CVE-2017-10346 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). | 9.6 |
2017-08-08 | CVE-2017-10086 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). | 9.6 |