Skip to main content

Ontap Select Deploy

7 CVEs product

Monthly

CVE-2023-28656 HIGH This Week

NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nginx Authentication Bypass Cloud Backup Ontap Select Deploy Nginx Api Connectivity Manager +2
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2019-1559 MEDIUM PATCH This Month

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Oracle Ubuntu Linux Debian Linux +79
NVD
CVSS 3.1
5.9
EPSS
17.1%
CVE-2019-6110 MEDIUM POC PATCH THREAT This Month

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSH RCE Openssh Winscp Element Software +4
NVD Exploit-DB
CVSS 3.1
6.8
EPSS
20.9%
CVE-2019-6109 MEDIUM PATCH This Month

An issue was discovered in OpenSSH 7.9. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

SSH Information Disclosure Openssh Winscp Ubuntu Linux +17
NVD VulDB
CVSS 3.1
6.8
EPSS
9.7%
CVE-2018-15919 MEDIUM PATCH This Month

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Information Disclosure SSH Openssh Cloud Backup +4
NVD
CVSS 3.1
5.3
EPSS
3.6%
CVE-2018-15473 MEDIUM POC PATCH THREAT This Month

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Race Condition Information Disclosure SSH Openssh Debian Linux +20
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
98.6%
CVE-2016-8610 HIGH PATCH Act Now

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 71.1%.

Denial Of Service OpenSSL Debian Linux Enterprise Linux Desktop Enterprise Linux Server +41
NVD
CVSS 3.1
7.5
EPSS
71.1%
EPSS 1% CVSS 8.1
HIGH This Week

NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nginx Authentication Bypass Cloud Backup +4
NVD
EPSS 17% CVSS 5.9
MEDIUM PATCH This Month

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Oracle +81
NVD
EPSS 21% CVSS 6.8
MEDIUM POC PATCH THREAT This Month

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSH RCE Openssh +6
NVD Exploit-DB
EPSS 10% CVSS 6.8
MEDIUM PATCH This Month

An issue was discovered in OpenSSH 7.9. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

SSH Information Disclosure Openssh +19
NVD VulDB
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Information Disclosure SSH +6
NVD
EPSS 99% CVSS 5.3
MEDIUM POC PATCH THREAT This Month

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Race Condition Information Disclosure SSH +22
NVD GitHub Exploit-DB
EPSS 71% CVSS 7.5
HIGH PATCH Act Now

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 71.1%.

Denial Of Service OpenSSL Debian Linux +43
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy