Product:

Active_iq_unified_manager

(Netapp)
Repositories https://github.com/madler/zlib
https://github.com/lodash/lodash
https://github.com/mm2/Little-CMS
https://github.com/openbsd/src
#Vulnerabilities 791
Date Id Summary Products Score Patch Annotated
2022-03-10 CVE-2022-0891 A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact Debian_linux, Fedora, Libtiff, Active_iq_unified_manager 7.1
2022-03-11 CVE-2020-36518 jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Oncommand_insight, Oncommand_workflow_automation, Snap_creator_framework, Big_data_spatial_and_graph, Coherence, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_crime_and_compliance_management_studio, Financial_services_enterprise_case_management, Financial_services_trade\-Based_anti_money_laundering, Global_lifecycle_management_nextgen_oui_framework, Global_lifecycle_management_opatch, Graph_server_and_client, Health_sciences_empirica_signal, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_sales_audit, Sd\-Wan_edge, Spatial_studio, Utilities_framework, Weblogic_server 7.5
2022-03-10 CVE-2022-26488 In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects... Active_iq_unified_manager, Ontap_select_deploy_administration_utility, Python 7.0
2022-03-12 CVE-2022-26966 An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. Debian_linux, Linux_kernel, Active_iq_unified_manager, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware 5.5
2022-03-16 CVE-2022-27223 In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. Debian_linux, Linux_kernel, Active_iq_unified_manager, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware 8.8
2022-03-25 CVE-2021-4203 A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. Linux_kernel, A700s_firmware, Active_iq_unified_manager, Bootstrap_os, E\-Series_santricity_os_controller, Element_software, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_management_node, Solidfire, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy 6.8
2022-03-28 CVE-2022-1056 Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. Libtiff, Active_iq_unified_manager 5.5
2022-04-08 CVE-2022-28796 jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. Fedora, Linux_kernel, Active_iq_unified_manager, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Enterprise_linux 7.0
2022-04-14 CVE-2022-22968 In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. Active_iq_unified_manager, Cloud_secure_agent, Metrocluster_tiebreaker, Snap_creator_framework, Snapmanager, Mysql_enterprise_monitor, Spring_framework 5.3
2022-04-19 CVE-2022-21412 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS... Active_iq_unified_manager, Oncommand_insight, Snapcenter, Mysql N/A