169 matches found
CVE-2018-2846
CVE-2018-2846 affects Oracle MySQL Server, specifically the Server: Performance Schema. Affected versions are 5.7.21 and earlier. An attacker with high privileges and network access via multiple protocols can cause the MySQL Server to hang or crash (availability impact). The vulnerability is expl...
CVE-2015-7849
CVE-2015-7849 is a use-after-free vulnerability in ntpd (NTP) affecting 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. The available connected documents describe that remote authenticated users can potentially execute arbitrary code or cause a denial of service (crash) by sending crafted NTP packe...
CVE-2017-10365
CVE-2017-10365 concerns a vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). The affected versions are 5.7.18 and earlier. An attacker with network access via multiple protocols and with high privileges can potentially compromise MySQL Server, leading to unauthori...
CVE-2018-2839
CVE-2018-2839 affects Oracle MySQL Server (Server: DML). Affected: MySQL 5.7.21 and earlier. Exploitable over network with high privileges via multiple protocols, potentially causing the server to hang or crash (DoS). The documents confirm the impact and affected versions, but do not provide a sp...
CVE-2017-10286
CVE-2017-10286 affects the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). The F5 advisory confirms the vulnerability is exploitable over the network by a high-privileged attacker with access via multiple protocols, and can cause a hang or crash (complete DOS). Affected versions in...
CVE-2015-7854
CVE-2015-7854 is a memory corruption vulnerability in ntpd’s password management. A crafted key file can trigger a buffer overflow, potentially crashing the daemon or allowing arbitrary code execution by remote authenticated users. Affected are NTP 4.2.x prior to 4.2.8p4 and 4.3.x prior to 4.3.77...
CVE-2018-2816
CVE-2018-2816 affects Oracle MySQL Server (subcomponent: Server: Optimizer). Affected versions: 5.7.21 and earlier. An attacker with network access via multiple protocols and high privileges can cause a hang or crash (denial of service). The description indicates remediation guidance via Oracle C...
CVE-2015-7848
CVE-2015-7848 is an NTP daemon vulnerability where an integer overflow in ntpd processing a crafted private mode (MODE_PRIVATE) packet can cause an out-of-bounds memory copy, leading to an immediate crash. The exploit requires a packet with a valid timestamp and correct MAC. Connected sources con...
CVE-2018-2812
CVE-2018-2812 affects Oracle MySQL Server (subcomponent Server: Optimizer). Affected: MySQL 5.7.21 and earlier. Impact: high privileged attacker with network access can cause a hang/complete DOS and may update/insert/delete data in affected data. Root cause: issues in the Server: Optimizer path a...
CVE-2017-10320
CVE-2017-10320 affects the MySQL Server component (InnoDB) of Oracle MySQL. Affected versions are 5.7.19 and earlier. An attacker with network access via multiple protocols can exploit this to cause a hang or a crash (DOS) of MySQL Server. The CVSS v3 base score is 4.9 (Availability impact). Reme...
CVE-2019-5495
CVE-2019-5495 affects OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5. The issue is described as missing HTTP security headers, which could allow an attacker to obtain sensitive information via unspecified vectors. The NVD metrics indicate a 5.0 (Medium) base score, C...
CVE-2018-5481
CVE-2018-5481 affects OnCommand Unified Manager for 7-Mode (core package) prior to version 5.2.4, where cookies are set without the secure attribute in certain circumstances. This can enable impersonation via MITM attacks on network-accessible sessions. The vulnerability arises from cookie securi...
CVE-2019-5494
The CVE-2019-5494 entry concerns OnCommand Unified Manager 7-Mode prior to version 5.2.4 that shipped without certain HTTP Security headers. The underlying issue is missing HTTP response security headers, enabling potential information disclosure through unspecified vectors. Affected product: Cis...
CVE-2017-11461
CVE-2017-11461 concerns NetApp OnCommand Unified Manager for 7-mode (core package) prior to version 5.2.1. The issue is a UI redress/clickjacking vulnerability that could cause a user to perform an unintended action within the web interface. The affected software is the OnCommand Unified Manager ...
CVE-2017-7568
NetApp OnCommand Unified Manager for 7-Mode (core package) prior to version 5.2.3 is affected. When LDAP authentication is tested via the UI, authenticated users may disclose sensitive LDAP account information. The issue exposes partial confidentiality and is tied to the LDAP testing flow in the ...
CVE-2018-5486
CVE-2018-5486 affects NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3, where the Java Debug Wire Protocol (JDWP) is left enabled. This enables unauthorized local attackers to execute arbitrary code. The connected sources corroborate an arbitrary code execution impact due to JD...
CVE-2018-5487
NetApp OnCommand Unified Manager for Linux (versions 7.2–7.3) is affected. The JMX RMI service is bound to the network, enabling unauthenticated remote code execution. Documented by multiple sources (NVD entry CVE-2018-5487 and CNVD-2018-10340) withImpact described as remote arbitrary code execut...
CVE-2020-8585
CVE-2020-8585 affects NetApp OnCommand Unified Manager Core Package before version 5.2.5. The vulnerability enables disclosure of sensitive account information to unauthorized users via PuTTY Link (plink). No exploitation details are provided in the documents; the root cause is described as an in...
CVE-2018-5485
NetApp OnCommand Unified Manager for Windows versions 7.2–7.3 contain an elevation of privilege vulnerability. This is documented in multiple sources (NVD/CNVD) with the vulnerability described as allowing privilege escalation on affected Windows installations. The documents do not provide the ex...