Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Management_services_for_element_software
(Netapp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 27 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-08-05 | CVE-2022-37434 | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | Ipados, Iphone_os, Macos, Watchos, Debian_linux, Fedora, Active_iq_unified_manager, H300s_firmware, H500s_firmware, H700s_firmware, Hci, Hci_compute_node, Management_services_for_element_software, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Storagegrid, Stormshield_network_security, Zlib | 9.8 | ||
| 2022-11-09 | CVE-2022-45061 | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied... | Fedora, Active_iq_unified_manager, Bootstrap_os, E\-Series_performance_analyzer, Element_software, Hci, Management_services_for_element_software, Ontap_select_deploy_administration_utility, Python | 7.5 | ||
| 2023-02-17 | CVE-2023-24329 | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | Fedora, Active_iq_unified_manager, Management_services_for_element_software, Management_services_for_netapp_hci, Ontap_select_deploy_administration_utility, Python | 7.5 | ||
| 2023-07-25 | CVE-2023-37920 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. | Certifi, Fedora, Active_iq_unified_manager, Management_services_for_element_software, Management_services_for_netapp_hci, Ontap_mediator, Ontap_select_deploy_administration_utility, Solidfire_\&_hci_storage_node | 9.8 | ||
| 2022-12-07 | CVE-2022-23491 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of... | Certifi, E\-Series_performance_analyzer, Management_services_for_element_software, Management_services_for_netapp_hci | 7.5 | ||
| 2022-11-09 | CVE-2022-37966 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | Fedora, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Management_services_for_element_software, Management_services_for_netapp_hci, Samba | N/A | ||
| 2022-11-09 | CVE-2022-37967 | Windows Kerberos Elevation of Privilege Vulnerability | Fedora, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Management_services_for_element_software, Management_services_for_netapp_hci, Samba | N/A | ||
| 2022-11-09 | CVE-2022-38023 | Netlogon RPC Elevation of Privilege Vulnerability | Fedora, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Management_services_for_element_software, Management_services_for_netapp_hci, Samba | N/A | ||
| 2021-02-26 | CVE-2020-27223 | In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. | Nifi, Solr, Spark, Debian_linux, Jetty, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Element_plug\-In_for_vcenter_server, Hci, Hci_management_node, Management_services_for_element_software, Snap_creator_framework, Snapcenter, Snapmanager, Solidfire, Rest_data_services | 5.3 | ||
| 2021-05-27 | CVE-2021-22118 | In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. | Hci, Management_services_for_element_software, Commerce_guided_search, Communications_brm_\-_elastic_charging_engine, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_intelligence_hub, Communications_element_manager, Communications_interactive_session_recorder, Communications_network_integrity, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Documaker, Enterprise_data_quality, Financial_services_analytical_applications_infrastructure, Healthcare_data_repository, Insurance_policy_administration, Insurance_rules_palette, Mysql_enterprise_monitor, Retail_assortment_planning, Retail_customer_management_and_segmentation_foundation, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_order_broker, Retail_predictive_application_server, Utilities_testing_accelerator, Spring_framework | 7.8 |