Netapp

Active Iq Unified Manager

848 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2022-23239

  • EPSS 0.07%
  • Veröffentlicht 28.02.2023 23:15:10
  • Zuletzt bearbeitet 21.11.2024 06:48:14

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack.

9.1

CVE-2023-23914

Exploit
  • EPSS 0.11%
  • Veröffentlicht 23.02.2023 20:15:13
  • Zuletzt bearbeitet 12.03.2025 19:15:35

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan...

6.5

CVE-2023-23915

  • EPSS 0.03%
  • Veröffentlicht 23.02.2023 20:15:13
  • Zuletzt bearbeitet 21.11.2024 07:47:05

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTP...

5.5

CVE-2023-0482

  • EPSS 0.04%
  • Veröffentlicht 17.02.2023 22:15:11
  • Zuletzt bearbeitet 18.03.2025 16:15:15

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

7.5

CVE-2023-24329

Exploit
  • EPSS 1.44%
  • Veröffentlicht 17.02.2023 15:15:12
  • Zuletzt bearbeitet 03.11.2025 22:16:05

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

7.4

CVE-2023-0361

Exploit
  • EPSS 3.13%
  • Veröffentlicht 15.02.2023 18:15:11
  • Zuletzt bearbeitet 19.03.2025 18:15:18

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a s...

8.1

CVE-2020-10650

Exploit
  • EPSS 9.85%
  • Veröffentlicht 26.12.2022 20:15:10
  • Zuletzt bearbeitet 19.08.2025 16:37:03

A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jt...

7.5

CVE-2022-43551

Exploit
  • EPSS 0.04%
  • Veröffentlicht 23.12.2022 15:15:15
  • Zuletzt bearbeitet 21.11.2024 07:26:45

A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the U...

7.8

CVE-2022-40304

  • EPSS 0.11%
  • Veröffentlicht 23.11.2022 18:15:12
  • Zuletzt bearbeitet 28.04.2025 20:15:19

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

7.5

CVE-2022-40303

  • EPSS 0.13%
  • Veröffentlicht 23.11.2022 00:15:11
  • Zuletzt bearbeitet 29.04.2025 05:15:43

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset,...