Netapp Oncommand Unified Manager Core Package — known CVE vulnerabilities
Every CVE whose affected-product data names Netapp Oncommand Unified Manager Core Package, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2021-23926 — CVSS 9.1 (critical): The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input…
CVE-2017-7439 — CVSS 7.5 (high): NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors…
CVE-2017-7236 — CVSS 7.5 (high): SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute…
CVE-2019-17069 — CVSS 7.5 (high): PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an…
CVE-2020-1927 — CVSS 6.1 (medium): In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by…
CVE-2020-14002 — CVSS 5.9 (medium): PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows…
CVE-2019-1559 — CVSS 5.9 (medium): If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive…
CVE-2020-14621 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java…
CVE-2017-15906 — CVSS 5.3 (medium): The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows…
CVE-2020-14779 — CVSS 3.7 (low): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected…