Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Snapcenter
(Netapp)| Repositories |
• https://github.com/Perl/perl5
• https://github.com/FasterXML/jackson-databind • https://github.com/jquery/jquery-ui • https://github.com/madler/zlib • https://github.com/dom4j/dom4j |
| #Vulnerabilities | 569 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-19 | CVE-2022-21485 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker.... | Active_iq_unified_manager, Oncommand_insight, Snapcenter, Mysql | N/A | ||
| 2022-04-19 | CVE-2022-21486 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker.... | Active_iq_unified_manager, Oncommand_insight, Snapcenter, Mysql | N/A | ||
| 2022-04-19 | CVE-2022-21489 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker.... | Active_iq_unified_manager, Oncommand_insight, Snapcenter, Mysql | N/A | ||
| 2022-04-19 | CVE-2022-21490 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker.... | Active_iq_unified_manager, Oncommand_insight, Snapcenter, Mysql_cluster | N/A | ||
| 2022-05-06 | CVE-2022-24823 | Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running... | Active_iq_unified_manager, Oncommand_workflow_automation, Snapcenter, Netty, Financial_services_crime_and_compliance_management_studio | 5.5 | ||
| 2022-06-02 | CVE-2022-27778 | A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. | Curl, Active_iq_unified_manager, Bh500s_firmware, Clustered_data_ontap, H300s_firmware, H410s_firmware, H700s_firmware, Hci_compute_node_firmware, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Solidfire_\&_hci_management_node, Mysql_server, Universal_forwarder | 8.1 | ||
| 2022-07-01 | CVE-2022-2274 | The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys... | H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Snapcenter, Openssl | 9.8 | ||
| 2022-07-06 | CVE-2022-33980 | Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote... | Commons_configuration, Debian_linux, Snapcenter | 9.8 | ||
| 2022-07-07 | CVE-2022-2048 | In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. | Debian_linux, Jetty, Jenkins, Element_plug\-In_for_vcenter_server, Hci_compute_node, Management_services_for_element_software_and_netapp_hci, Snapcenter, Solidfire_\&_hci_storage_node | 7.5 | ||
| 2022-07-07 | CVE-2022-2047 | In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario. | Debian_linux, Jetty, Element_plug\-In_for_vcenter_server, Hci_compute_node, Management_services_for_element_software_and_netapp_hci, Snapcenter, Solidfire_\&_hci_storage_node | 2.7 |