Product:

Active_iq_unified_manager

(Netapp)
Repositories https://github.com/madler/zlib
https://github.com/lodash/lodash
https://github.com/mm2/Little-CMS
https://github.com/openbsd/src
#Vulnerabilities 791
Date Id Summary Products Score Patch Annotated
2022-01-26 CVE-2021-22570 Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. Debian_linux, Fedora, Protobuf, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql 5.5
2022-02-04 CVE-2022-23913 In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory. Activemq_artemis, Active_iq_unified_manager, Oncommand_workflow_automation 7.5
2022-02-09 CVE-2022-0391 A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. Fedora, Active_iq_unified_manager, Hci, Hci_compute_node, Management_services_for_element_software, Ontap_select_deploy_administration_utility, Solidfire\,_enterprise_sds_\&_hci_storage_node, Http_server, Zfs_storage_appliance_kit, Python 7.5
2022-02-16 CVE-2021-3753 A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality. Linux_kernel, Active_iq_unified_manager, Bootstrap_os, Element_software, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_management_node, Solidfire, Enterprise_linux 4.7
2022-02-16 CVE-2022-25258 An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. Debian_linux, Fedora, Linux_kernel, Active_iq_unified_manager, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware 4.6
2022-02-18 CVE-2021-20322 A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Debian_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Aff_a700s_firmware, Aff_baseboard_management_controller_firmware, E\-Series_santricity_os_controller, Fas_baseboard_management_controller_firmware, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy 7.4
2022-02-24 CVE-2022-24407 In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. Cyrus\-Sasl, Debian_linux, Fedora, Active_iq_unified_manager, Ontap_select_deploy_administration_utility, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_security_edge_protection_proxy 8.8
2022-02-26 CVE-2022-23308 valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. Ipados, Iphone_os, Mac_os_x, Macos, Tvos, Watchos, Debian_linux, Fedora, Active_iq_unified_manager, Bootstrap_os, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Manageability_software_development_kit, Ontap_select_deploy_administration_utility, Smi\-S_provider, Snapdrive, Snapmanager, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_unified_data_repository, Mysql_workbench, Zfs_storage_appliance_kit, Libxml2 7.5
2022-03-04 CVE-2022-26336 A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to... Poi, Active_iq_unified_manager 5.5
2022-03-10 CVE-2022-0865 Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. Debian_linux, Fedora, Libtiff, Active_iq_unified_manager 6.5