Oncommand Insight Security Vulnerabilities and Issues — Page 4 of Oncommand Insight CVE List

Lucene search

NetappOncommand Insight

171 matches found

CVE•added 2020/10/21 3:15 p.m.•303 views

CVE-2020-14771

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compro...

3.5CVSS3.2AI score0.00264EPSS

CVE•added 2020/04/15 2:15 p.m.•291 views

CVE-2020-2816

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability c...

7.5CVSS6.8AI score0.00541EPSS

CVE•added 2020/04/07 6:15 p.m.•286 views

CVE-2020-11612

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.

7.5CVSS7.3AI score0.01846EPSS

CVE•added 2020/04/15 2:15 p.m.•275 views

CVE-2020-2768

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.3.28 and prior, 7.4.27 and prior, 7.5.17 and prior, 7.6.13 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with networ...

6.3CVSS5.9AI score0.0041EPSS

CVE•added 2020/04/15 2:15 p.m.•270 views

CVE-2020-2767

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

5.8CVSS4.6AI score0.00502EPSS

CVE•added 2020/09/19 4:15 a.m.•267 views

CVE-2020-5421

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

8.7CVSS7.2AI score0.56167EPSS

CVE•added 2020/04/15 2:15 p.m.•266 views

CVE-2020-2778

4.3CVSS3.7AI score0.00426EPSS

CVE•added 2020/05/26 4:15 p.m.•229 views

CVE-2020-10719

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

6.5CVSS6AI score0.00167EPSS

CVE•added 2020/10/06 2:15 p.m.•186 views

CVE-2020-25644

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.

7.5CVSS6.9AI score0.00597EPSS

CVE•added 2020/01/15 5:15 p.m.•161 views

CVE-2020-2585

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulne...

5.9CVSS5.6AI score0.01472EPSS

CVE•added 2020/09/23 1:15 p.m.•159 views

CVE-2020-10714

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as syste...

7.5CVSS7.3AI score0.00366EPSS

CVE•added 2020/11/02 9:15 p.m.•156 views

CVE-2020-25689

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue...

6.8CVSS6.1AI score0.00238EPSS

CVE•added 2020/09/01 9:15 p.m.•144 views

CVE-2020-13946

In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and password...

5.9CVSS6.8AI score0.01174EPSS

CVE•added 2020/06/10 8:15 p.m.•139 views

CVE-2020-10705

A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.

7.5CVSS7.1AI score0.00384EPSS

CVE•added 2020/07/15 6:15 p.m.•132 views

CVE-2020-14664

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human...

8.3CVSS8.1AI score0.01002EPSS

CVE•added 2020/06/15 10:15 p.m.•101 views

CVE-2020-4051

In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16...

5.4CVSS4.7AI score0.00164EPSS

CVE•added 2020/04/15 2:15 p.m.•79 views

CVE-2020-2790

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.5CVSS6.2AI score0.00471EPSS

CVE•added 2020/04/15 2:15 p.m.•77 views

CVE-2020-2806

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.28 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful at...

5.3CVSS5.7AI score0.00493EPSS

CVE•added 2020/10/21 3:15 p.m.•60 views

CVE-2020-14853

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Succ...

4.9CVSS4.4AI score0.00225EPSS

CVE•added 2020/02/19 4:15 p.m.•58 views

CVE-2020-4135

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.

7.5CVSS7.2AI score0.00908EPSS

CVE•added 2020/04/27 2:15 p.m.•45 views

CVE-2019-4729

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519.

4.3CVSS4.4AI score0.0013EPSS

Total number of security vulnerabilities171