Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Active_iq_unified_manager
(Netapp)| Repositories |
• https://github.com/madler/zlib
• https://github.com/lodash/lodash • https://github.com/mm2/Little-CMS • https://github.com/openbsd/src |
| #Vulnerabilities | 805 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-02-24 | CVE-2022-24407 | In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. | Cyrus\-Sasl, Debian_linux, Fedora, Active_iq_unified_manager, Ontap_select_deploy_administration_utility, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_security_edge_protection_proxy | 8.8 | ||
| 2022-03-04 | CVE-2022-26336 | A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to... | Poi, Active_iq_unified_manager | 5.5 | ||
| 2022-03-10 | CVE-2022-0865 | Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. | Debian_linux, Fedora, Libtiff, Active_iq_unified_manager | 6.5 | ||
| 2022-03-10 | CVE-2022-0891 | A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact | Debian_linux, Fedora, Libtiff, Active_iq_unified_manager | 7.1 | ||
| 2022-03-11 | CVE-2020-36518 | jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. | Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Oncommand_insight, Oncommand_workflow_automation, Snap_creator_framework, Big_data_spatial_and_graph, Coherence, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_crime_and_compliance_management_studio, Financial_services_enterprise_case_management, Financial_services_trade\-Based_anti_money_laundering, Global_lifecycle_management_nextgen_oui_framework, Global_lifecycle_management_opatch, Graph_server_and_client, Health_sciences_empirica_signal, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_sales_audit, Sd\-Wan_edge, Spatial_studio, Utilities_framework, Weblogic_server | 7.5 | ||
| 2022-03-10 | CVE-2022-26488 | In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects... | Active_iq_unified_manager, Ontap_select_deploy_administration_utility, Python | 7.0 | ||
| 2022-03-12 | CVE-2022-26966 | An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. | Debian_linux, Linux_kernel, Active_iq_unified_manager, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware | 5.5 | ||
| 2022-03-16 | CVE-2022-27223 | In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. | Debian_linux, Linux_kernel, Active_iq_unified_manager, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware | 8.8 | ||
| 2022-03-25 | CVE-2021-4203 | A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. | Linux_kernel, A700s_firmware, Active_iq_unified_manager, Bootstrap_os, E\-Series_santricity_os_controller, Element_software, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_management_node, Solidfire, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy | 6.8 | ||
| 2022-03-28 | CVE-2022-1056 | Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. | Libtiff, Active_iq_unified_manager | 5.5 |