Netapp

Active Iq Unified Manager

846 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2023-23915

  • EPSS 0.05%
  • Veröffentlicht 23.02.2023 20:15:13
  • Zuletzt bearbeitet 21.11.2024 07:47:05

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTP...

5.5

CVE-2023-0482

  • EPSS 0.04%
  • Veröffentlicht 17.02.2023 22:15:11
  • Zuletzt bearbeitet 18.03.2025 16:15:15

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

7.5

CVE-2023-24329

Exploit
  • EPSS 1.31%
  • Veröffentlicht 17.02.2023 15:15:12
  • Zuletzt bearbeitet 03.11.2025 22:16:05

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

7.4

CVE-2023-0361

Exploit
  • EPSS 1.66%
  • Veröffentlicht 15.02.2023 18:15:11
  • Zuletzt bearbeitet 19.03.2025 18:15:18

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a s...

8.1

CVE-2020-10650

Exploit
  • EPSS 8.63%
  • Veröffentlicht 26.12.2022 20:15:10
  • Zuletzt bearbeitet 19.08.2025 16:37:03

A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jt...

7.5

CVE-2022-43551

Exploit
  • EPSS 0.03%
  • Veröffentlicht 23.12.2022 15:15:15
  • Zuletzt bearbeitet 21.11.2024 07:26:45

A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the U...

7.8

CVE-2022-40304

  • EPSS 0.11%
  • Veröffentlicht 23.11.2022 18:15:12
  • Zuletzt bearbeitet 28.04.2025 20:15:19

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

7.5

CVE-2022-40303

  • EPSS 0.18%
  • Veröffentlicht 23.11.2022 00:15:11
  • Zuletzt bearbeitet 29.04.2025 05:15:43

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset,...

8.8

CVE-2022-3970

Exploit
  • EPSS 0.11%
  • Veröffentlicht 13.11.2022 08:15:16
  • Zuletzt bearbeitet 21.11.2024 07:20:38

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. Th...

7.5

CVE-2022-45061

Exploit
  • EPSS 0.09%
  • Veröffentlicht 09.11.2022 07:15:09
  • Zuletzt bearbeitet 03.11.2025 22:16:01

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead t...