NetApp

Active IQ Unified Manager

846 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.36%
  • Published 19.07.2021 15:15:07
  • Last modified 21.11.2024 06:11:44

OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character.

  • EPSS 0.84%
  • Published 13.07.2021 08:15:07
  • Last modified 21.11.2024 06:12:25

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

  • EPSS 1.89%
  • Published 13.07.2021 08:15:07
  • Last modified 21.11.2024 06:12:25

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services tha...

  • EPSS 1.44%
  • Published 13.07.2021 08:15:07
  • Last modified 21.11.2024 06:12:25

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services th...

  • EPSS 0.8%
  • Published 13.07.2021 08:15:07
  • Last modified 21.11.2024 06:13:08

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services th...

  • EPSS 0.06%
  • Published 09.07.2021 17:15:07
  • Last modified 21.11.2024 06:21:48

A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service.

  • EPSS 0.67%
  • Published 22.06.2021 15:15:16
  • Last modified 21.11.2024 06:10:23

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and mul...

Exploit
  • EPSS 0.34%
  • Published 11.06.2021 16:15:11
  • Last modified 21.11.2024 05:50:52

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentia...

  • EPSS 90.4%
  • Published 09.06.2021 02:15:06
  • Last modified 21.11.2024 05:59:14

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml...

  • EPSS 0.17%
  • Published 02.06.2021 15:15:07
  • Last modified 21.11.2024 06:21:45

GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.