threatengine.sh
Product
netapp oncommand unified manager
169 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2020-8585
< 5.2.5
OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users vi
5.5
MEDIUM
CVE-2020-14803
all versions
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 1
5.3
MEDIUM
CVE-2020-14798
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.1
LOW
CVE-2020-14797
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.7
LOW
CVE-2020-14796
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.1
LOW
CVE-2020-14792
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affecte
4.2
MEDIUM
CVE-2019-18276
>= 9.5
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effe
7.8
HIGH
CVE-2019-5482
>= 9.5
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
9.8
CRITICAL
CVE-2019-5443
>= 9.5
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will mak
7.8
HIGH
CVE-2019-5495
< 9.5
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configu
7.5
HIGH
CVE-2019-5494
< 5.2.4
OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow
7.5
HIGH
CVE-2019-0211
all versions
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child pr
7.8
HIGH
CVE-2019-0217
all versions
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could al
7.5
HIGH
CVE-2019-9898
all versions
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
9.8
CRITICAL
CVE-2019-9897
all versions
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
7.5
HIGH
CVE-2019-9894
all versions
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
7.5
HIGH
CVE-2019-1559
all versions
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to
5.9
MEDIUM
CVE-2019-2539
>= 7.3 and <= 9.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affect
4.9
MEDIUM
CVE-2019-2537
>= 7.3 and <= 9.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
4.9
MEDIUM
CVE-2019-2536
>= 7.3 and <= 9.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affecte
5.0
MEDIUM
CVE-2019-2535
>= 7.3 and <= 9.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected
4.1
MEDIUM
CVE-2019-2534
>= 7.3 and <= 9.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
7.1
HIGH
CVE-2019-2533
>= 7.3 and <= 9.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions tha
6.5
MEDIUM
CVE-2019-2532
>= 9.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that
4.9
MEDIUM
CVE-2019-2531
>= 9.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
4.9
MEDIUM
CVE-2019-2530
>= 9.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9
MEDIUM
CVE-2019-2529
>= 9.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5
MEDIUM
CVE-2019-2513
>= 7.3 and <= 9.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell). Supported versions that are affected are 8.0.13
2.5
LOW
CVE-2019-2502
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.1
4.9
MEDIUM
CVE-2019-2481
>= 9.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9
MEDIUM
CVE-2019-2449
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Jav
3.1
LOW
CVE-2019-2436
>= 9.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
5.5
MEDIUM
CVE-2019-2434
>= 9.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected a
6.5
MEDIUM
CVE-2019-2426
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java
3.7
LOW
CVE-2019-2422
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java
3.1
LOW
CVE-2019-2420
>= 9.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9
MEDIUM
CVE-2018-5481
< 5.2.4
OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumst
7.4
HIGH
CVE-2018-0734
all versions
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variati
5.9
MEDIUM
CVE-2018-0735
all versions
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use varia
5.9
MEDIUM
CVE-2018-10933
>= 9.4
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create c
9.1
CRITICAL
CVE-2018-3286
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that
4.3
MEDIUM
CVE-2018-3285
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Windows). Supported versions that are affected
4.9
MEDIUM
CVE-2018-3283
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Supported versions that are affected
4.4
MEDIUM
CVE-2018-3280
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: JSON). Supported versions that are affected are
4.9
MEDIUM
CVE-2018-3279
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are a
4.9
MEDIUM
CVE-2018-3278
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are
4.9
MEDIUM
CVE-2018-3276
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affecte
4.9
MEDIUM
CVE-2018-3251
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.4
6.5
MEDIUM
CVE-2018-3247
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected ar
5.5
MEDIUM
CVE-2018-3212
>= 7.3 and <= 9.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Supported versions that ar
4.9
MEDIUM
CVE-2018-3203
>= 7.3 and <= 9.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5
MEDIUM
CVE-2018-3195
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
5.5
MEDIUM
CVE-2018-3187
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
5.5
MEDIUM
CVE-2018-3186
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9
MEDIUM
CVE-2018-3185
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2
5.5
MEDIUM
CVE-2018-3182
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are
6.5
MEDIUM
CVE-2018-3170
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
4.9
MEDIUM
CVE-2018-3156
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.4
6.5
MEDIUM
CVE-2018-3155
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected a
7.7
HIGH
CVE-2018-3145
>= 7.3 and <= 9.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected a
6.5
MEDIUM
CVE-2018-3144
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are a
5.9
MEDIUM
CVE-2018-3143
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.4
6.5
MEDIUM
CVE-2018-3137
>= 7.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5
MEDIUM
CVE-2018-3133
>= 9.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected a
6.5
MEDIUM
CVE-2018-15473
>= 9.4
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user un
5.3
MEDIUM
CVE-2018-2973
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affec
5.9
MEDIUM
CVE-2018-2964
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java
8.3
HIGH
CVE-2018-2952
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported version
3.7
LOW
CVE-2018-2942
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Supported versions that are affected are Jav
8.3
HIGH
CVE-2018-2941
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE:
8.3
HIGH
CVE-2018-2940
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are
4.3
MEDIUM
CVE-2018-2938
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE
9.0
CRITICAL
CVE-2017-7657
< 5.2.4
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 complian
9.8
CRITICAL
CVE-2018-12538
all versions
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage
8.8
HIGH
CVE-2017-7568
< 5.2.3
NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information
5.3
MEDIUM
CVE-2018-5487
>= 7.2 and <= 7.3
NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocati
9.8
CRITICAL
CVE-2018-5485
>= 7.2 and <= 7.3
NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a pri
7.8
HIGH
CVE-2018-11212
all versions
An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of
6.5
MEDIUM
CVE-2018-8014
>= 7.3
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.4
9.8
CRITICAL
CVE-2018-1258
>= 9.4
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when
8.8
HIGH
CVE-2018-5486
>= 7.2 and <= 7.3
NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which all
7.8
HIGH
CVE-2018-2846
>= 9.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that ar
4.9
MEDIUM
CVE-2018-2839
>= 9.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are
4.9
MEDIUM
CVE-2018-2826
>= 9.4
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java
8.3
HIGH
CVE-2018-2825
>= 9.4
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java
8.3
HIGH
CVE-2018-2818
>= 9.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions tha
4.9
MEDIUM
CVE-2018-2816
>= 9.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9
MEDIUM
CVE-2018-2813
>= 9.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
4.3
MEDIUM
CVE-2018-2812
>= 9.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
5.5
MEDIUM
CVE-2016-10708
>= 9.4
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an
7.5
HIGH
CVE-2018-2638
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java
8.3
HIGH
CVE-2018-2627
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java
7.5
HIGH
CVE-2018-2581
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE:
4.7
MEDIUM
CVE-2016-8610
all versions
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol define
7.5
HIGH
CVE-2017-11461
< 5.2.1
NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redres
4.3
MEDIUM
CVE-2017-10388
<= 7.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are
7.5
HIGH
CVE-2017-10384
<= 7.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
6.5
MEDIUM
CVE-2017-10379
<= 7.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected
6.5
MEDIUM
CVE-2017-10378
<= 7.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5
MEDIUM
CVE-2017-10365
<= 7.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected a
3.8
LOW
CVE-2017-10357
<= 7.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that
5.3
MEDIUM
CVE-2017-10356
<= 7.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions t
6.2
MEDIUM
CVE-2017-10355
<= 7.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions
5.3
MEDIUM
CVE-2017-10350
<= 7.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are aff
5.3
MEDIUM
CVE-2017-10349
<= 7.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affec
5.3
MEDIUM
CVE-2017-10348
<= 7.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are
5.3
MEDIUM
CVE-2017-10347
<= 7.1
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affec
5.3
MEDIUM
CVE-2017-10346
<= 7.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are af
9.6
CRITICAL
CVE-2017-10345
<= 7.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versi
3.1
LOW
CVE-2017-10320
<= 7.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected a
4.9
MEDIUM
CVE-2017-10309
<= 7.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java
7.1
HIGH
CVE-2017-10295
<= 7.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions
4.0
MEDIUM
CVE-2017-10293
<= 7.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE
6.1
MEDIUM
CVE-2017-10286
<= 7.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected a
4.4
MEDIUM
CVE-2017-10285
<= 7.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affect
9.6
CRITICAL
CVE-2017-10281
<= 7.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versi
5.3
MEDIUM
CVE-2017-10274
<= 7.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are J
6.8
MEDIUM
CVE-2017-10268
<= 7.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
4.1
MEDIUM
CVE-2017-10243
<= 7.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions tha
6.5
MEDIUM
CVE-2017-10198
<= 7.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions t
6.8
MEDIUM
CVE-2017-10193
<= 7.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are a
3.1
LOW
CVE-2017-10176
<= 7.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions t
7.5
HIGH
CVE-2017-10135
<= 7.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that a
5.9
MEDIUM
CVE-2017-10125
<= 7.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java
7.1
HIGH
CVE-2017-10118
<= 7.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that a
7.5
HIGH
CVE-2017-10116
<= 7.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions t
8.3
HIGH
CVE-2017-10115
<= 7.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that a
7.5
HIGH
CVE-2017-10114
<= 7.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE:
8.3
HIGH
CVE-2017-10111
<= 7.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that i
9.6
CRITICAL
CVE-2017-10110
<= 7.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u
9.6
CRITICAL
CVE-2017-10109
<= 7.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versi
5.3
MEDIUM
CVE-2017-10108
<= 7.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versi
5.3
MEDIUM
CVE-2017-10107
<= 7.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affect
9.6
CRITICAL
CVE-2017-10105
<= 7.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java
4.3
MEDIUM
CVE-2017-10102
<= 7.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affect
9.0
CRITICAL
CVE-2017-10101
<= 7.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affec
9.6
CRITICAL
CVE-2017-10096
<= 7.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affec
9.6
CRITICAL
CVE-2017-10090
<= 7.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are
9.6
CRITICAL
CVE-2017-10089
<= 7.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE
9.6
CRITICAL
CVE-2017-10087
<= 7.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are
9.6
CRITICAL
CVE-2017-10086
>= 7.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE:
9.6
CRITICAL
CVE-2017-10081
<= 7.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are af
4.3
MEDIUM
CVE-2017-10078
<= 7.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java
8.1
HIGH
CVE-2017-10074
<= 7.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are af
8.3
HIGH
CVE-2017-10067
<= 7.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java S
7.5
HIGH
CVE-2017-10053
<= 7.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that ar
5.3
MEDIUM
CVE-2015-7871
all versions
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
9.8
CRITICAL
CVE-2015-7855
all versions
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial o
6.5
MEDIUM
CVE-2015-7854
all versions
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authen
8.8
HIGH
CVE-2015-7853
all versions
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execu
9.8
CRITICAL
CVE-2015-7852
all versions
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted
5.9
MEDIUM
CVE-2015-7850
all versions
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite
6.5
MEDIUM
CVE-2015-7849
all versions
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to pos
8.8
HIGH
CVE-2015-7705
all versions
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via
9.8
CRITICAL
CVE-2015-7704
all versions
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a numbe
7.5
HIGH
CVE-2015-7702
all versions
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of
6.5
MEDIUM
CVE-2015-7701
all versions
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to c
7.5
HIGH
CVE-2015-7692
all versions
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of
7.5
HIGH
CVE-2015-7691
all versions
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of
7.5
HIGH
CVE-2016-8743
all versions
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in r
7.5
HIGH
CVE-2015-7703
all versions
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allo
7.5
HIGH
CVE-2017-9788
all versions
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was
9.1
CRITICAL
CVE-2017-7668
all versions
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_fi
7.5
HIGH
CVE-2017-3167
all versions
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of t
9.8
CRITICAL
CVE-2016-9841
<= 7.1
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmet
9.8
CRITICAL
CVE-2016-10165
all versions
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or caus
7.1
HIGH
CVE-2015-7848
all versions
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially craf
7.5
HIGH
CVE-2016-3427
all versions
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attack
9.8
CRITICAL
CVE-2010-1871
all versions
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize i
8.8
HIGH