Product:

Active_iq_unified_manager

(Netapp)
Repositories https://github.com/madler/zlib
https://github.com/lodash/lodash
https://github.com/mm2/Little-CMS
https://github.com/openbsd/src
#Vulnerabilities 761
Date Id Summary Products Score Patch Annotated
2023-06-21 CVE-2023-2829 A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1. Bind, Active_iq_unified_manager, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware 7.5
2023-06-21 CVE-2023-2911 If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. Debian_linux, Fedora, Bind, Active_iq_unified_manager, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware 7.5
2022-04-27 CVE-2022-24891 ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration... Active_iq_unified_manager, Oncommand_workflow_automation, Weblogic_server, Enterprise_security_api 6.1
2020-05-19 CVE-2020-7656 jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed. Jquery, Junos, Active_iq_unified_manager, Cloud_backup, Oncommand_system_manager, Snap_creator_framework, Peoplesoft_enterprise_peopletools 6.1
2020-06-12 CVE-2020-10732 A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. Ubuntu_linux, Linux_kernel, Active_iq_unified_manager, Aff_8300_firmware, Aff_8700_firmware, Aff_a400_firmware, Aff_a700_firmware, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage, Leap 4.4
2020-07-15 CVE-2020-14620 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:... Ubuntu_linux, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql 4.9
2020-07-15 CVE-2020-14623 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:... Ubuntu_linux, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql 4.9
2020-07-15 CVE-2020-14624 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:... Ubuntu_linux, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql 4.9
2020-07-15 CVE-2020-14631 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).... Ubuntu_linux, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql 4.9
2020-07-15 CVE-2020-14643 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete... Ubuntu_linux, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql 5.5