Lucene search
K
NetappOncommand Unified Manager

169 matches found

CVE
CVE
added 2018/04/19 2:0 a.m.126 views

CVE-2018-2846

CVE-2018-2846 affects Oracle MySQL Server, specifically the Server: Performance Schema. Affected versions are 5.7.21 and earlier. An attacker with high privileges and network access via multiple protocols can cause the MySQL Server to hang or crash (availability impact). The vulnerability is expl...

4.9CVSS5AI score0.02862EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.124 views

CVE-2015-7849

CVE-2015-7849 is a use-after-free vulnerability in ntpd (NTP) affecting 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. The available connected documents describe that remote authenticated users can potentially execute arbitrary code or cause a denial of service (crash) by sending crafted NTP packe...

8.8CVSS9.1AI score0.16848EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.120 views

CVE-2017-10365

CVE-2017-10365 concerns a vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). The affected versions are 5.7.18 and earlier. An attacker with network access via multiple protocols and with high privileges can potentially compromise MySQL Server, leading to unauthori...

5.5CVSS3.3AI score0.01571EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.119 views

CVE-2018-2839

CVE-2018-2839 affects Oracle MySQL Server (Server: DML). Affected: MySQL 5.7.21 and earlier. Exploitable over network with high privileges via multiple protocols, potentially causing the server to hang or crash (DoS). The documents confirm the impact and affected versions, but do not provide a sp...

4.9CVSS5AI score0.02862EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.118 views

CVE-2017-10286

CVE-2017-10286 affects the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). The F5 advisory confirms the vulnerability is exploitable over the network by a high-privileged attacker with access via multiple protocols, and can cause a hang or crash (complete DOS). Affected versions in...

4.4CVSS4.3AI score0.02444EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.117 views

CVE-2015-7854

CVE-2015-7854 is a memory corruption vulnerability in ntpd’s password management. A crafted key file can trigger a buffer overflow, potentially crashing the daemon or allowing arbitrary code execution by remote authenticated users. Affected are NTP 4.2.x prior to 4.2.8p4 and 4.3.x prior to 4.3.77...

8.8CVSS9.3AI score0.1456EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.115 views

CVE-2018-2816

CVE-2018-2816 affects Oracle MySQL Server (subcomponent: Server: Optimizer). Affected versions: 5.7.21 and earlier. An attacker with network access via multiple protocols and high privileges can cause a hang or crash (denial of service). The description indicates remediation guidance via Oracle C...

4.9CVSS5AI score0.02862EPSS
CVE
CVE
added 2017/01/06 9:0 p.m.108 views

CVE-2015-7848

CVE-2015-7848 is an NTP daemon vulnerability where an integer overflow in ntpd processing a crafted private mode (MODE_PRIVATE) packet can cause an out-of-bounds memory copy, leading to an immediate crash. The exploit requires a packet with a valid timestamp and correct MAC. Connected sources con...

7.5CVSS8.6AI score0.06096EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.108 views

CVE-2018-2812

CVE-2018-2812 affects Oracle MySQL Server (subcomponent Server: Optimizer). Affected: MySQL 5.7.21 and earlier. Impact: high privileged attacker with network access can cause a hang/complete DOS and may update/insert/delete data in affected data. Root cause: issues in the Server: Optimizer path a...

5.5CVSS5.3AI score0.02448EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.105 views

CVE-2017-10320

CVE-2017-10320 affects the MySQL Server component (InnoDB) of Oracle MySQL. Affected versions are 5.7.19 and earlier. An attacker with network access via multiple protocols can exploit this to cause a hang or a crash (DOS) of MySQL Server. The CVSS v3 base score is 4.9 (Availability impact). Reme...

4.9CVSS4.7AI score0.01942EPSS
CVE
CVE
added 2019/05/10 7:12 p.m.79 views

CVE-2019-5495

CVE-2019-5495 affects OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5. The issue is described as missing HTTP security headers, which could allow an attacker to obtain sensitive information via unspecified vectors. The NVD metrics indicate a 5.0 (Medium) base score, C...

7.5CVSS7.2AI score0.01429EPSS
CVE
CVE
added 2019/01/07 3:0 p.m.73 views

CVE-2018-5481

CVE-2018-5481 affects OnCommand Unified Manager for 7-Mode (core package) prior to version 5.2.4, where cookies are set without the secure attribute in certain circumstances. This can enable impersonation via MITM attacks on network-accessible sessions. The vulnerability arises from cookie securi...

7.4CVSS7.3AI score0.00648EPSS
CVE
CVE
added 2019/05/10 6:55 p.m.71 views

CVE-2019-5494

The CVE-2019-5494 entry concerns OnCommand Unified Manager 7-Mode prior to version 5.2.4 that shipped without certain HTTP Security headers. The underlying issue is missing HTTP response security headers, enabling potential information disclosure through unspecified vectors. Affected product: Cis...

7.5CVSS7.1AI score0.00703EPSS
CVE
CVE
added 2017/11/09 7:0 p.m.68 views

CVE-2017-11461

CVE-2017-11461 concerns NetApp OnCommand Unified Manager for 7-mode (core package) prior to version 5.2.1. The issue is a UI redress/clickjacking vulnerability that could cause a user to perform an unintended action within the web interface. The affected software is the OnCommand Unified Manager ...

4.3CVSS4.6AI score0.01018EPSS
CVE
CVE
added 2018/06/22 3:0 p.m.49 views

CVE-2017-7568

NetApp OnCommand Unified Manager for 7-Mode (core package) prior to version 5.2.3 is affected. When LDAP authentication is tested via the UI, authenticated users may disclose sensitive LDAP account information. The issue exposes partial confidentiality and is tied to the LDAP testing flow in the ...

5.3CVSS5.1AI score0.01374EPSS
CVE
CVE
added 2018/04/25 9:0 p.m.49 views

CVE-2018-5486

CVE-2018-5486 affects NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3, where the Java Debug Wire Protocol (JDWP) is left enabled. This enables unauthorized local attackers to execute arbitrary code. The connected sources corroborate an arbitrary code execution impact due to JD...

7.8CVSS7.8AI score0.004EPSS
CVE
CVE
added 2018/05/24 2:0 p.m.45 views

CVE-2018-5487

NetApp OnCommand Unified Manager for Linux (versions 7.2–7.3) is affected. The JMX RMI service is bound to the network, enabling unauthenticated remote code execution. Documented by multiple sources (NVD entry CVE-2018-5487 and CNVD-2018-10340) withImpact described as remote arbitrary code execut...

9.8CVSS9.8AI score0.02895EPSS
CVE
CVE
added 2021/01/28 9:0 p.m.44 views

CVE-2020-8585

CVE-2020-8585 affects NetApp OnCommand Unified Manager Core Package before version 5.2.5. The vulnerability enables disclosure of sensitive account information to unauthorized users via PuTTY Link (plink). No exploitation details are provided in the documents; the root cause is described as an in...

5.5CVSS5.3AI score0.00407EPSS
CVE
CVE
added 2018/05/24 2:0 p.m.43 views

CVE-2018-5485

NetApp OnCommand Unified Manager for Windows versions 7.2–7.3 contain an elevation of privilege vulnerability. This is documented in multiple sources (NVD/CNVD) with the vulnerability described as allowing privilege escalation on affected Windows installations. The documents do not provide the ex...

7.8CVSS7.7AI score0.00415EPSS
Total number of security vulnerabilities169