Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Active_iq_unified_manager
(Netapp)| Repositories |
• https://github.com/madler/zlib
• https://github.com/lodash/lodash • https://github.com/mm2/Little-CMS • https://github.com/openbsd/src |
| #Vulnerabilities | 791 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-05 | CVE-2023-40745 | LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | Fedora, Libtiff, Active_iq_unified_manager, Enterprise_linux | 6.5 | ||
| 2023-10-14 | CVE-2023-45862 | An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation. | Linux_kernel, Active_iq_unified_manager, H410c_firmware | 5.5 | ||
| 2023-10-18 | CVE-2023-38545 | This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name"... | Fedora, Libcurl, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_21h2, Windows_11_22h2, Windows_11_23h2, Windows_server_2019, Windows_server_2022, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation | 9.8 | ||
| 2023-11-01 | CVE-2023-5178 | A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. | Linux_kernel, Active_iq_unified_manager, Solidfire_\&_hci_management_node, Solidfire_\&_hci_storage_node, Enterprise_linux | 8.8 | ||
| 2023-11-03 | CVE-2023-31102 | Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. | 7\-Zip, Active_iq_unified_manager, Oncommand_workflow_automation | 7.8 | ||
| 2024-01-16 | CVE-2024-0567 | A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. | Debian_linux, Fedora, Gnutls, Active_iq_unified_manager | 7.5 | ||
| 2024-02-13 | CVE-2023-5517 | A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | Fedora, Bind, Active_iq_unified_manager | N/A | ||
| 2024-02-13 | CVE-2023-5679 | A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | Fedora, Bind, Active_iq_unified_manager | N/A | ||
| 2024-02-13 | CVE-2023-5680 | If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | Bind, Active_iq_unified_manager | N/A | ||
| 2024-02-13 | CVE-2023-6516 | To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the... | Bind, Active_iq_unified_manager | N/A |