Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Oncommand_workflow_automation
(Netapp)| Repositories |
• https://github.com/bcgit/bc-java
• https://github.com/madler/zlib • https://github.com/FasterXML/jackson-databind • https://github.com/dom4j/dom4j |
| #Vulnerabilities | 699 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-01-20 | CVE-2021-2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS... | Fedora, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql | 6.5 | ||
| 2021-01-20 | CVE-2021-2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS... | Fedora, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql | 4.9 | ||
| 2021-01-20 | CVE-2021-2022 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4... | Fedora, Mariadb, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql | 4.4 | ||
| 2021-01-27 | CVE-2021-26118 | While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error. | Activemq_artemis, Oncommand_workflow_automation | 7.5 | ||
| 2021-03-03 | CVE-2021-22884 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the... | Fedora, Active_iq_unified_manager, E\-Series_performance_analyzer, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Node\.js, Graalvm, Jd_edwards_enterpriseone_tools, Mysql_cluster, Nosql_database, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services | 7.5 | ||
| 2021-03-09 | CVE-2021-21295 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as... | Kudu, Zookeeper, Debian_linux, Oncommand_api_services, Oncommand_workflow_automation, Netty, Communications_cloud_native_core_policy, Quarkus | 5.9 | ||
| 2021-03-25 | CVE-2021-3450 | The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten.... | Fedora, Freebsd, Web_gateway, Web_gateway_cloud_service, Cloud_volumes_ontap_mediator, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider_firmware, Storagegrid, Storagegrid_firmware, Node\.js, Openssl, Commerce_guided_search, Enterprise_manager_for_storage_management, Graalvm, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools, Secure_backup, Secure_global_desktop, Weblogic_server, Capture_client, Email_security, Sma100_firmware, Sonicos, Nessus, Nessus_agent, Nessus_network_monitor, Linux | 7.4 | ||
| 2021-03-30 | CVE-2021-21409 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a... | Debian_linux, Oncommand_api_services, Oncommand_workflow_automation, Netty, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_trade_finance_process_management, Coherence, Communications_brm_\-_elastic_charging_engine, Communications_cloud_native_core_console, Communications_cloud_native_core_policy, Communications_design_studio, Communications_messaging_server, Helidon, Jd_edwards_enterpriseone_tools, Nosql_database, Primavera_gateway, Quarkus | 5.9 | ||
| 2021-04-22 | CVE-2021-2146 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability... | Fedora, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql | 4.9 | ||
| 2021-04-22 | CVE-2021-2154 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:... | Fedora, Mariadb, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql | 4.9 |