13 matches found
CVE-2018-0735
CVE-2018-0735 is a timing side-channel vulnerability in OpenSSL’s ECDSA signature generation. An attacker could exploit timing variations during signing to recover the private key. Affected: OpenSSL 1.1.0 (1.1.0-1.1.0i) and OpenSSL 1.1.1 (1.1.1) prior to the fixes. Fixes were released in OpenSSL...
CVE-2018-0734
CVE-2018-0734 (OpenSSL) describes a timing side-channel in the DSA signature algorithm that could enable private key recovery. The initial entry notes fixes in OpenSSL releases 1.1.1a (and 1.1.0j, 1.0.2q) for affected branches. Connected advisories (CloudLinux, Arch Linux, Amazon/Linux distributi...
CVE-2019-2422
CVE-2019-2422 affects Oracle Java SE Libraries in Java SE 7u201, 8u192, 11.0.1 (and Java SE Embedded 8u191). The issue is a memory disclosure in FileChannelImpl that could allow an unauthenticated, network-reachable attacker to read a subset of data, with user interaction required in some context...
CVE-2018-11212
CVE-2018-11212 affects libjpeg/libjpeg-turbo: the alloc_sarray function in jmemmgr.c allows a remote attacker to cause a denial of service via a crafted file due to a divide-by-zero error. Public advisories (e.g., ALAS2-2019-1198, ALAS-2019-1286, AL2/ALSA-centos/CESA-2019:2052, Debian DLA-1638-1)...
CVE-2019-2426
CVE-2019-2426 affects Oracle Java SE Networking. Affected: Java SE 7u201, 8u192, 11.0.1; Java SE Embedded 8u191. Attack requires network access and can lead to unauthorized read access to a subset of Java SE data. Root cause: vulnerability in the Java SE Networking component that can be exploited...
CVE-2017-7657
CVE-2017-7657 affects Eclipse Jetty: transfer-encoding chunk size parsing could overflow an integer, causing large chunks to be treated as smaller ones and enabling a fake pipelined request that bypasses intermediary authorization. Affected versions include Jetty 9.2.x and older, 9.3.x (all confi...
CVE-2019-2449
CVE-2019-2449 affects Oracle Java SE 8u192 (Java SE Deployment). An unauthenticated attacker with network access via multiple protocols can exploit a vulnerability to cause a partial denial of service on Java SE. Attacks are difficult to exploit and require user interaction. The description notes...
CVE-2019-5495
CVE-2019-5495 affects OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5. The issue is described as missing HTTP security headers, which could allow an attacker to obtain sensitive information via unspecified vectors. The NVD metrics indicate a 5.0 (Medium) base score, C...
CVE-2018-5481
CVE-2018-5481 affects OnCommand Unified Manager for 7-Mode (core package) prior to version 5.2.4, where cookies are set without the secure attribute in certain circumstances. This can enable impersonation via MITM attacks on network-accessible sessions. The vulnerability arises from cookie securi...
CVE-2019-5494
CVE-2019-5494 concerns OnCommand Unified Manager 7-Mode prior to version 5.2.4, which shipped without certain HTTP security headers. The underlying issue is missing HTTP response security headers, enabling potential information disclosure through unspecified vectors. Affected product: Cis...
CVE-2017-11461
CVE-2017-11461 concerns NetApp OnCommand Unified Manager for 7-mode (core package) prior to version 5.2.1. The issue is a UI redress/clickjacking vulnerability that could cause a user to perform an unintended action within the web interface. The affected software is the OnCommand Unified Manager ...
CVE-2017-7568
NetApp OnCommand Unified Manager for 7-Mode (core package) prior to version 5.2.3 is affected. When LDAP authentication is tested via the UI, authenticated users may disclose sensitive LDAP account information. The issue has a partial confidentiality impact and is tied to the LDAP testing flow in the ...
CVE-2020-8585
CVE-2020-8585 affects NetApp OnCommand Unified Manager Core Package before version 5.2.5. The vulnerability enables disclosure of sensitive account information to unauthorized users via PuTTY Link (plink). No exploitation details are provided in the documents; the root cause is described as an in...