Product:

Snapcenter

(Netapp)
Date ID Summary Products Score Patch
2020-07-15 CVE-2020-14540 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability... Snapcenter, Mysql N/A
2020-07-15 CVE-2020-14539 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base... Snapcenter, Mysql N/A
2019-07-29 CVE-2019-14379 SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. Debian_linux, Jackson\-Databind, Oncommand_workflow_automation, Snapcenter 9.8
2018-04-19 CVE-2018-2813 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality... Ubuntu_linux, Debian_linux, Oncommand_insight, Oncommand_unified_manager, Oncommand_workflow_automation, Snapcenter, Storage_automation_store, Mysql, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openstack 4.3
2017-04-17 CVE-2017-5645 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Log4j, Oncommand_api_services, Oncommand_insight, Oncommand_workflow_automation, Service_level_manager, Snapcenter, Storage_automation_store, Api_gateway, Autovue_vuelink_integration, Banking_platform, Bi_publisher, Communications_converged_application_server_\-_service_controller, Communications_messaging_server, Communications_online_mediation_controller, Communications_pricing_design_center, Communications_service_broker, Communications_webrtc_session_controller, Configuration_manager, Enterprise_data_quality, Enterprise_manager_base_platform, Enterprise_manager_for_fusion_middleware, Enterprise_manager_for_mysql_database, Enterprise_manager_for_oracle_database, Enterprise_manager_for_peoplesoft, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_profitability_management, Flexcube_investor_servicing, Fusion_middleware_mapviewer, Goldengate_application_adapters, Identity_analytics, Identity_management_suite, Insurance_calculation_engine, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_tools, Jdeveloper, Mysql_enterprise_monitor, Peoplesoft_enterprise_fin_install, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Retail_clearance_optimization_engine, Retail_extract_transform_and_load, Retail_integration_bus, Retail_open_commerce_platform, Retail_predictive_application_server, Siebel_ui_framework, Soa_suite, Tape_library_acsls, Utilities_work_and_asset_management, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation 9.8
2018-12-07 CVE-2018-18311 Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Web_gateway, E\-Series_santricity_os_controller, Snap_creator_framework, Snapcenter, Snapdriver, Perl, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform 9.8
2018-10-30 CVE-2018-0734 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). Ubuntu_linux, Debian_linux, Cloud_backup, Cn1610_firmware, Oncommand_unified_manager, Santricity_smi\-S_provider, Snapcenter, Steelstore, Storage_automation_store, Node\.js, Openssl, Api_gateway, E\-Business_suite_technology_stack, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Mysql_enterprise_backup, Peoplesoft_enterprise_peopletools, Primavera_p6_professional_project_management, Tuxedo 5.9
2020-07-15 CVE-2020-14641 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS... Snapcenter, Mysql N/A
2020-07-15 CVE-2020-14634 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector:... Snapcenter, Mysql N/A
2018-08-20 CVE-2018-1000632 dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later. Debian_linux, Dom4j, Oncommand_workflow_automation, Snap_creator_framework, Snapcenter, Snapmanager, Flexcube_investor_servicing, Primavera_p6_enterprise_project_portfolio_management, Rapid_planning, Retail_integration_bus, Utilities_framework, Jboss_enterprise_application_platform, Satellite, Satellite_capsule N/A