Vulnerabilities > Netapp > Oncommand Unified Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-10-21 CVE-2020-14803 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries).
network
low complexity
oracle netapp debian opensuse
5.0
2020-10-21 CVE-2020-14797 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). 4.3
2020-10-21 CVE-2020-14792 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). 5.8
2019-07-02 CVE-2019-5443 Uncontrolled Search Path Element vulnerability in multiple products
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation.
4.4
2019-05-10 CVE-2019-5495 7PK - Security Features vulnerability in Netapp Oncommand Unified Manager
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
network
low complexity
netapp CWE-254
5.0
2019-05-10 CVE-2019-5494 Cleartext Transmission of Sensitive Information vulnerability in Netapp Oncommand Unified Manager
OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
network
low complexity
netapp CWE-319
5.0
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2019-01-16 CVE-2019-2539 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection).
network
low complexity
oracle netapp redhat
4.9
2019-01-16 CVE-2019-2537 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).
network
low complexity
oracle canonical debian netapp mariadb redhat
4.0
2019-01-16 CVE-2019-2536 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging).
local
high complexity
oracle netapp redhat
5.0