Active_iq_unified_manager - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Active_iq_unified_manager
(Netapp)

Repositories	• https://github.com/madler/zlib • https://github.com/lodash/lodash • https://github.com/mm2/Little-CMS • https://github.com/openbsd/src
#Vulnerabilities	791

Date	Id	Summary	Products	Score	Patch	Annotated
2019-07-17	CVE-2019-13272	In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor...	Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Aff_a700s_firmware, E\-Series_performance_analyzer, E\-Series_santricity_os_controller, H410c_firmware, H610s_firmware, Hci_compute_node, Hci_management_node, Service_processor, Solidfire, Steelstore_cloud_integrated_storage, Enterprise_linux, Enterprise_linux_for_arm_64, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus	7.8
2017-10-04	CVE-2017-12617	When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.	Tomcat, Ubuntu_linux, Debian_linux, Active_iq_unified_manager, Element, Oncommand_balance, Oncommand_insight, Oncommand_shift, Oncommand_workflow_automation, Snapcenter, Agile_plm, Communications_instant_messaging_server, Endeca_information_discovery_integrator, Enterprise_manager_for_mysql_database, Financial_services_analytical_applications_infrastructure, Fmw_platform, Health_sciences_empirica_inspections, Hospitality_guest_access, Instantis_enterprisetrack, Management_pack, Micros_lucas, Micros_retail_xbri_loss_prevention, Mysql_enterprise_monitor, Retail_advanced_inventory_planning, Retail_back_office, Retail_central_office, Retail_convenience_and_fuel_pos_software, Retail_eftlink, Retail_insights, Retail_invoice_matching, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Service, Retail_price_management, Retail_returns_management, Retail_store_inventory_management, Retail_xstore_point_of_service, Transportation_management, Tuxedo_system_and_applications_monitor, Webcenter_sites, Workload_manager, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_eus_compute_node, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Fuse, Jboss_enterprise_application_platform, Jboss_enterprise_web_server, Jboss_enterprise_web_server_text\-Only_advisories	8.1
2019-11-04	CVE-2019-18683	An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(),...	Fabric_operating_system, Ubuntu_linux, Debian_linux, Linux_kernel, 8300_firmware, 8700_firmware, A400_firmware, A700s_firmware, Active_iq_unified_manager, Cloud_backup, Data_availability_services, E\-Series_santricity_os_controller, Element_software, H610s_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage, Leap	7.0
2018-06-07	CVE-2018-3721	lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.	Lodash, Active_iq_unified_manager, System_manager	6.5
2019-08-16	CVE-2019-15118	check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.	Ubuntu_linux, Debian_linux, Linux_kernel, Active_iq_unified_manager, Data_availability_services, H410c_firmware, Hci_management_node, Solidfire, Solidfire_baseboard_management_controller_firmware, Leap	5.5
2019-07-26	CVE-2019-10744	Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.	Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_application_visibility_and_reporting, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Big\-Iq_centralized_management, Iworkflow, Lodash, Active_iq_unified_manager, Service_level_manager, Banking_extensibility_workbench, Virtualization_manager	9.1
2020-06-09	CVE-2020-10757	A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.	Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Cloud_backup, Steelstore_cloud_integrated_storage, Leap, Enterprise_linux, Enterprise_mrg	7.8
2017-02-03	CVE-2016-10165	The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.	Ubuntu_linux, Debian_linux, Little_cms_color_engine, Active_iq_unified_manager, E\-Series_santricity_management, E\-Series_santricity_os_controller, Oncommand_balance, Oncommand_insight, Oncommand_performance_manager, Oncommand_shift, Oncommand_unified_manager, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite	7.1
2018-01-18	CVE-2018-2581	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this...	Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_shift, Oncommand_unified_manager, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Santricity_cloud_connector, Snapmanager, Storage_replication_adapter_for_clustered_data_ontap, Storagegrid, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Jdk, Jre, Satellite	4.7
2018-01-18	CVE-2018-2627	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks...	Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_shift, Oncommand_unified_manager, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Santricity_cloud_connector, Snapmanager, Storage_replication_adapter_for_clustered_data_ontap, Storagegrid, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Jdk, Jre, Satellite	7.5