本ページは netapp oncommand_unified_manager_core_package に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2021-3156 KEV | Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. | [email protected] | 7.8 | 99.30% | 2021-01-26 | 2025-11-10 |
| CVE-2021-23926 | The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0. | [email protected] | 9.1 | 6.27% | 2021-01-14 | 2024-11-21 |
| CVE-2020-14779 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java | [email protected] | 3.7 | 3.73% | 2020-10-21 | 2025-05-27 |
| CVE-2020-14621 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible dat | [email protected] | 5.3 | 4.43% | 2020-07-15 | 2025-05-27 |
| CVE-2020-14002 | PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). | [email protected] | 5.9 | 3.12% | 2020-06-29 | 2024-11-21 |
| CVE-2020-1927 | In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. | [email protected] | 6.1 | 61.18% | 2020-04-02 | 2024-11-21 |
| CVE-2019-17069 | PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. | [email protected] | 7.5 | 2.25% | 2019-10-01 | 2024-11-21 |
| CVE-2019-1559 | If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt dat | [email protected] | 5.9 | 17.14% | 2019-02-27 | 2024-11-21 |
| CVE-2017-15906 | The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | [email protected] | 5.3 | 3.36% | 2017-10-26 | 2026-05-28 |
| CVE-2017-7439 | NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages. | [email protected] | 7.5 | 1.88% | 2017-05-26 | 2026-05-13 |
| CVE-2017-7236 | SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | [email protected] | 7.5 | 1.79% | 2017-05-26 | 2026-05-13 |