Product:

Oncommand_unified_manager

(Netapp)
Date Id Summary Products Score Patch Annotated
2020-10-21 CVE-2020-14796 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in... Debian_linux, 7\-Mode_transition_tool, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Hci_management_node, Hci_storage_node, Oncommand_insight, Oncommand_unified_manager, Santricity_cloud_connector, Santricity_unified_manager, Snapmanager, Solidfire, Leap, Jdk, Jre 3.1
2020-10-21 CVE-2020-14797 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded... Debian_linux, 7\-Mode_transition_tool, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Hci_management_node, Hci_storage_node, Oncommand_insight, Oncommand_unified_manager, Santricity_cloud_connector, Santricity_unified_manager, Snapmanager, Solidfire, Leap, Jdk, Jre 3.7
2020-10-21 CVE-2020-14798 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in... Debian_linux, 7\-Mode_transition_tool, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Hci_management_node, Hci_storage_node, Oncommand_insight, Oncommand_unified_manager, Santricity_cloud_connector, Santricity_unified_manager, Snapmanager, Solidfire, Leap, Jdk, Jre 3.1
2018-05-16 CVE-2018-11212 An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. Ubuntu_linux, Debian_linux, Libjpeg, Oncommand_unified_manager, Oncommand_workflow_automation, Snapmanager, Leap, Jdk, Jre, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Satellite 6.5
2018-05-11 CVE-2018-1258 Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. Oncommand_insight, Oncommand_unified_manager, Oncommand_workflow_automation, Snapcenter, Storage_automation_store, Agile_plm, Application_testing_suite, Big_data_discovery, Communications_converged_application_server, Communications_diameter_signaling_router, Communications_network_integrity, Communications_performance_intelligence_center, Communications_services_gatekeeper, Endeca_information_discovery_integrator, Enterprise_manager_for_mysql_database, Enterprise_manager_ops_center, Enterprise_repository, Goldengate_for_big_data, Health_sciences_information_manager, Healthcare_master_person_index, Hospitality_guest_access, Insurance_calculation_engine, Insurance_policy_administration, Insurance_rules_palette, Micros_lucas, Mysql_enterprise_monitor, Peoplesoft_enterprise_fin_install, Retail_assortment_planning, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_financial_integration, Retail_integration_bus, Retail_point\-Of\-Service, Retail_returns_management, Retail_xstore_point_of_service, Service_architecture_leveraging_tuxedo, Tape_library_acsls, Weblogic_server, Spring_security, Fuse, Spring_framework 8.8
2017-08-07 CVE-2015-7704 The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. Xenserver, Debian_linux, Enterprise_security_manager, Clustered_data_ontap, Data_ontap, Oncommand_performance_manager, Oncommand_unified_manager, Ntp, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation 7.5
2017-08-07 CVE-2015-7705 The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. Xenserver, Clustered_data_ontap, Data_ontap, Oncommand_performance_manager, Oncommand_unified_manager, Ntp, Tim_4r\-Ie_dnp3_firmware, Tim_4r\-Ie_firmware 9.8
2019-07-02 CVE-2019-5443 A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. Curl, Oncommand_insight, Oncommand_unified_manager, Oncommand_workflow_automation, Snapcenter, Enterprise_manager_ops_center, Http_server, Mysql_server, Oss_support_tools 7.8
2017-08-07 CVE-2015-7853 The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. Clustered_data_ontap, Data_ontap, Oncommand_balance, Oncommand_performance_manager, Oncommand_unified_manager, Ntp 9.8
2017-08-07 CVE-2015-7855 The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. Debian_linux, Clustered_data_ontap, Data_ontap, Oncommand_balance, Oncommand_performance_manager, Oncommand_unified_manager, Ntp, Tim_4r\-Ie_dnp3_firmware, Tim_4r\-Ie_firmware 6.5