Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Active_iq_unified_manager
(Netapp)| Repositories |
• https://github.com/madler/zlib
• https://github.com/lodash/lodash • https://github.com/mm2/Little-CMS • https://github.com/openbsd/src |
| #Vulnerabilities | 757 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-07-22 | CVE-2021-36222 | ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. | Debian_linux, Kerberos_5, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql_server | 7.5 | ||
| 2021-10-20 | CVE-2021-35618 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in... | Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql_cluster | 1.8 | ||
| 2021-10-20 | CVE-2021-35621 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker.... | Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql_cluster | 6.3 | ||
| 2020-06-16 | CVE-2020-14195 | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). | Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Steelstore_cloud_integrated_storage, Agile_plm, Banking_digital_experience, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_session_report_manager, Communications_session_route_manager | 8.1 | ||
| 2020-07-29 | CVE-2020-15707 | Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code... | Ubuntu_linux, Debian_linux, Grub2, Windows_10, Windows_8\.1, Windows_rt_8\.1, Windows_server_2012, Windows_server_2016, Windows_server_2019, Active_iq_unified_manager, Leap, Enterprise_linux, Enterprise_linux_atomic_host, Openshift_container_platform, Suse_linux_enterprise_server | 6.4 | ||
| 2019-05-08 | CVE-2019-11815 | An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. | Ubuntu_linux, Debian_linux, Linux_kernel, Active_iq_unified_manager, Cn1610_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Snapprotect, Solidfire, Storage_replication_adapter, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Leap | 8.1 | ||
| 2020-01-15 | CVE-2020-2583 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java... | Ubuntu_linux, Debian_linux, Epolicy_orchestrator, Active_iq_unified_manager, E\-Series_performance_analyzer, E\-Series_santricity_management, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Jdk, Jre, Openjdk, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 3.7 | ||
| 2019-11-18 | CVE-2019-19069 | A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99. | Fabric_operating_system, Ubuntu_linux, Linux_kernel, Active_iq_unified_manager, Aff_a400_firmware, Aff_a700s_firmware, Data_availability_services, E\-Series_santricity_os_controller, Fas8300_firmware, Fas8700_firmware, H610s_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Solidfire, Steelstore_cloud_integrated_storage | 7.5 | ||
| 2019-11-07 | CVE-2019-18805 | An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. | Fabric_operating_system, Linux_kernel, Active_iq_unified_manager, Aff_a400_firmware, Aff_a700s_firmware, Data_availability_services, E\-Series_santricity_os_controller, Fas8300_firmware, Fas8700_firmware, H610s_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Solidfire, Steelstore_cloud_integrated_storage, Leap, Enterprise_linux | 9.8 | ||
| 2019-03-27 | CVE-2019-10125 | An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free. | Linux_kernel, Active_iq_unified_manager, Cn1610_firmware, Hci_management_node, Snapprotect, Solidfire | 9.8 |