Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Oncommand_shift
(Netapp)| Repositories |
• https://github.com/mm2/Little-CMS
• https://github.com/madler/zlib |
| #Vulnerabilities | 59 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-02-06 | CVE-2017-15095 | A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. | Debian_linux, Jackson\-Databind, Oncommand_balance, Oncommand_performance_manager, Oncommand_shift, Snapcenter, Banking_platform, Clusterware, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_instant_messaging_server, Database_server, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatchauto, Identity_manager, Jd_edwards_enterpriseone_tools, Primavera_unifier, Utilities_advanced_spatial_and_operational_analytics, Webcenter_portal, Jboss_enterprise_application_platform, Openshift_container_platform, Satellite, Satellite_capsule | 9.8 | ||
| 2018-02-06 | CVE-2017-7525 | A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. | Debian_linux, Jackson\-Databind, Oncommand_balance, Oncommand_performance_manager, Oncommand_shift, Snapcenter, Banking_platform, Communications_billing_and_revenue_management, Communications_communications_policy_management, Communications_diameter_signaling_route, Communications_instant_messaging_server, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatchauto, Primavera_unifier, Utilities_advanced_spatial_and_operational_analytics, Webcenter_portal, Jboss_enterprise_application_platform, Openshift_container_platform, Virtualization, Virtualization_host | 9.8 | ||
| 2018-01-22 | CVE-2018-5968 | FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. | Debian_linux, Jackson\-Databind, E\-Series_santricity_os_controller, E\-Series_santricity_web_services_proxy, Oncommand_shift, Jboss_enterprise_application_platform, Openshift_container_platform, Virtualization, Virtualization_host | 8.1 | ||
| 2018-01-10 | CVE-2017-17485 | FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. | Debian_linux, Jackson\-Databind, E\-Series_santricity_os_controller, E\-Series_santricity_web_services_proxy, Oncommand_shift, Snapcenter, Jboss_enterprise_application_platform, Openshift_container_platform | 9.8 | ||
| 2016-09-21 | CVE-2015-8960 | The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key... | Transport_layer_security, Clustered_data_ontap_antivirus_connector, Data_ontap_edge, Host_agent, Oncommand_shift, Plug\-In_for_symantec_netbackup, Smi\-S_provider, Snap_creator_framework, Snapdrive, Snapmanager, Snapprotect, Solidfire_\&_hci_management_node, System_setup | 8.1 | ||
| 2017-10-19 | CVE-2017-10274 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to... | Debian_linux, Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Element_software, Oncommand_balance, Oncommand_insight, Oncommand_performance_manager, Oncommand_shift, Oncommand_unified_manager, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Snapmanager, Steelstore_cloud_integrated_storage, Storage_replication_adapter_for_clustered_data_ontap, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Jdk, Jre, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 6.8 | ||
| 2017-08-08 | CVE-2017-10096 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks... | Debian_linux, Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, Element_software, Oncommand_balance, Oncommand_insight, Oncommand_performance_manager, Oncommand_shift, Oncommand_unified_manager, Plug\-In_for_symantec_netbackup, Snapmanager, Steelstore_cloud_integrated_storage, Storage_replication_adapter_for_clustered_data_ontap, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Jdk, Jre, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite | 9.6 | ||
| 2017-08-08 | CVE-2017-10087 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded,... | Debian_linux, Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, Element_software, Oncommand_balance, Oncommand_insight, Oncommand_performance_manager, Oncommand_shift, Oncommand_unified_manager, Plug\-In_for_symantec_netbackup, Snapmanager, Steelstore_cloud_integrated_storage, Storage_replication_adapter_for_clustered_data_ontap, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Jdk, Jre, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite | 9.6 | ||
| 2017-08-08 | CVE-2017-10090 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks... | Debian_linux, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, Element_software, Oncommand_balance, Oncommand_insight, Oncommand_performance_manager, Oncommand_shift, Oncommand_unified_manager, Plug\-In_for_symantec_netbackup, Snapmanager, Steelstore_cloud_integrated_storage, Storage_replication_adapter_for_clustered_data_ontap, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Jdk, Jre, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite | 9.6 | ||
| 2017-08-08 | CVE-2017-10118 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java... | Debian_linux, Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, Element_software, Oncommand_balance, Oncommand_insight, Oncommand_performance_manager, Oncommand_shift, Oncommand_unified_manager, Plug\-In_for_symantec_netbackup, Snapmanager, Steelstore_cloud_integrated_storage, Storage_replication_adapter_for_clustered_data_ontap, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Jdk, Jre, Jrockit, Fl_mguard_dm | 7.5 |