Vulnerabilities > Netapp > Oncommand Workflow Automation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-18 | CVE-2018-2940 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). | 4.3 |
| 2018-07-18 | CVE-2018-2938 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). | 6.8 |
| 2018-07-18 | CVE-2018-2767 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). | 3.5 |
| 2018-07-09 | CVE-2018-1000613 | Unsafe Reflection vulnerability in multiple products Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. | 9.8 |
| 2018-06-07 | CVE-2018-12015 | Link Following vulnerability in multiple products In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. | 6.4 |
| 2018-06-05 | CVE-2018-1000180 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. | 7.5 |
| 2018-05-16 | CVE-2018-11212 | Divide By Zero vulnerability in multiple products An issue was discovered in libjpeg 9a and 9d. | 4.3 |
| 2018-05-16 | CVE-2018-8014 | Insecure Default Initialization of Resource vulnerability in multiple products The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. | 9.8 |
| 2018-05-11 | CVE-2018-1258 | Incorrect Authorization vulnerability in multiple products Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. | 6.5 |
| 2018-04-19 | CVE-2018-2846 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). | 4.0 |