Product:

Oncommand_insight

(Netapp)
Repositories https://github.com/madler/zlib
https://github.com/mm2/Little-CMS
#Vulnerabilities 912
Date Id Summary Products Score Patch Annotated
2022-12-23 CVE-2022-43551 A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP)... Fedora, Curl, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Universal_forwarder 7.5
2022-04-19 CVE-2022-21476 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can... Zulu, Debian_linux, Active_iq_unified_manager, Bootstrap_os, Cloud_insights_acquisition_unit, Cloud_secure_agent, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Element_software, Hci_management_node, Oncommand_insight, Santricity_unified_manager, Solidfire, Graalvm, Jdk, Openjdk 7.5
2020-10-06 CVE-2020-25644 A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability. Oncommand_insight, Oncommand_workflow_automation, Service_level_manager, Data_grid, Jboss_data_grid, Jboss_enterprise_application_platform, Jboss_fuse, Openshift_application_runtimes, Single_sign\-On, Wildfly_openssl 7.5
2022-01-19 CVE-2022-21277 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability... Debian_linux, 7\-Mode_transition_tool, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Cloud_secure_agent, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_storage_plugin, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Jdk, Jre, Openjdk 5.3
2022-01-19 CVE-2022-21283 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized... Debian_linux, Fedora, 7\-Mode_transition_tool, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Cloud_secure_agent, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_storage_plugin, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Jdk, Jre, Openjdk 5.3
2022-01-19 CVE-2022-21282 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in... Debian_linux, 7\-Mode_transition_tool, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Cloud_secure_agent, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_storage_plugin, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Jdk, Jre, Openjdk 5.3
2024-01-16 CVE-2024-20918 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle... Debian_linux, Cloud_insights_acquisition_unit, Cloud_insights_storage_workload_security_agent, Oncommand_insight, Graalvm, Graalvm_for_jdk, Jdk, Jre 7.4
2024-01-16 CVE-2024-20922 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require... Cloud_insights_acquisition_unit, Cloud_insights_storage_workload_security_agent, Oncommand_insight, Graalvm, Jdk, Jre 2.5
2024-01-16 CVE-2024-20926 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK,... Debian_linux, Cloud_insights_acquisition_unit, Cloud_insights_storage_workload_security_agent, Oncommand_insight, Graalvm, Graalvm_for_jdk, Jdk, Jre 5.9
2024-01-16 CVE-2024-20961 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5... Oncommand_insight, Mysql 6.5