Skip to main content

Oncommand Unified Manager Core Package

10 CVEs product

Monthly

CVE-2021-3156 HIGH POC KEV PATCH THREAT Act Now

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Privilege Escalation Sudo Fedora Debian Linux +21
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
99.3%
CVE-2021-23926 Maven CRITICAL PATCH Act Now

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xmlbeans Oncommand Unified Manager Core Package Snap Creator Framework Snapmanager +3
NVD
CVSS 3.1
9.1
EPSS
6.2%
CVE-2020-14779 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle Openjdk Jdk +17
NVD
CVSS 3.1
3.7
EPSS
3.7%
CVE-2020-14621 MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +21
NVD
CVSS 3.1
5.3
EPSS
4.3%
CVE-2020-14002 MEDIUM This Month

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Putty Oncommand Unified Manager Core Package Fedora
NVD
CVSS 3.1
5.9
EPSS
3.1%
CVE-2020-1927 MEDIUM PATCH This Month

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Apache Open Redirect Http Server Fedora Debian Linux +11
NVD
CVSS 3.1
6.1
EPSS
56.7%
CVE-2019-17069 HIGH This Week

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption Putty Leap +1
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-1559 MEDIUM PATCH This Month

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Oracle Ubuntu Linux Debian Linux +79
NVD
CVSS 3.1
5.9
EPSS
17.1%
CVE-2017-7439 HIGH PATCH This Week

NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Oncommand Unified Manager Core Package
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-7236 HIGH PATCH This Week

SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Oncommand Unified Manager Core Package
NVD
CVSS 3.0
7.5
EPSS
0.3%
EPSS 99% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Privilege Escalation Sudo +23
NVD Exploit-DB
EPSS 6% CVSS 9.1
CRITICAL PATCH Act Now

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xmlbeans Oncommand Unified Manager Core Package +5
NVD
EPSS 4% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle +19
NVD
EPSS 4% CVSS 5.3
MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass +23
NVD
EPSS 3% CVSS 5.9
MEDIUM This Month

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Putty Oncommand Unified Manager Core Package +1
NVD
EPSS 57% CVSS 6.1
MEDIUM PATCH This Month

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Apache Open Redirect Http Server +13
NVD
EPSS 2% CVSS 7.5
HIGH This Week

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption +3
NVD
EPSS 17% CVSS 5.9
MEDIUM PATCH This Month

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Oracle +81
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Oncommand Unified Manager Core Package
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Oncommand Unified Manager Core Package
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy