Latest netapp management services for element software Vulnerabilities

CVE-2023-36054
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs becaus...
MIT Kerberos 5<1.20.2
MIT Kerberos 5=1.21
MIT Kerberos 5=1.21-beta1
Debian Debian Linux=10.0
Netapp Active Iq Unified Manager Vmware Vsphere
NetApp Clustered Data ONTAP=9.0
and 3 more
CVE-2023-24329
Python could allow a remote attacker to bypass security restrictions, caused by a flaw in the urllib.parse component. By sending a specially-crafted request using URL starts with blank characters, an ...
IBM QRadar SIEM<=7.5 - 7.5.0 UP7
redhat/python<3.11
ubuntu/python2.7<2.7.6-8ubuntu0.6+
ubuntu/python2.7<2.7.12-1ubuntu0~16.04.18+
ubuntu/python3.10<3.10.6-1~22.04.2ubuntu1.1
ubuntu/python3.10<3.10.7-1ubuntu0.4
and 23 more
CVE-2022-45061
A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA (RFC 3490) decoder, such that a crafted unreasonably long name being presented to the decoder ...
redhat/python3<0:3.6.8-48.el8_7.1
redhat/python3.9<0:3.9.14-1.el9_1.2
IBM Cloud Pak for Security<=1.10.0.0 - 1.10.11.0
IBM QRadar Suite Software<=1.10.12.0 - 1.10.16.0
redhat/python<3.11.1
redhat/python<3.10.9
and 51 more
CVE-2022-38023
Netlogon RPC Elevation of Privilege Vulnerability
Microsoft Windows Server 2008=sp2
Microsoft Windows Server 2008=r2-sp1
Microsoft Windows Server 2012
Microsoft Windows Server 2012=r2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
and 26 more
CVE-2022-37966
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
Microsoft Windows Server 2008=sp2
Microsoft Windows Server 2008=r2-sp1
Microsoft Windows Server 2012
Microsoft Windows Server 2012=r2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
and 24 more
CVE-2022-37967
Windows Kerberos Elevation of Privilege Vulnerability
and 24 more
CVE-2022-36033
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could...
Jsoup Jsoup<1.15.3
Netapp Management Services For Element Software
Netapp Management Services For Netapp Hci
NetApp OnCommand Workflow Automation
CVE-2022-37434
A security vulnerability was found in zlib. The flaw triggered a heap-based buffer in inflate in the inflate.c function via a large gzip header extra field. This flaw is only applicable in the call in...
redhat/zlib<0:1.2.7-21.el7_9
redhat/zlib<0:1.2.11-19.el8_6
redhat/rsync<0:3.1.3-19.el8
redhat/zlib<0:1.2.11-32.el9_0
redhat/rsync<0:3.2.3-18.el9
debian/zlib<=1:1.2.11.dfsg-1<=1:1.2.11.dfsg-4<=1:1.2.11.dfsg-2+deb11u1
and 63 more
CVE-2022-24735
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua ...
Redis Redis<6.2.7
Redis Redis=7.0-rc1
Redis Redis=7.0-rc2
Redis Redis=7.0-rc3
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 6 more
CVE-2022-24736
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will res...
Redis Redis<6.2.7
Redis Redis=7.0-rc1
Redis Redis=7.0-rc2
Redis Redis=7.0-rc3
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 6 more
CVE-2021-42340
Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploi...
redhat/pki-servlet-engine<1:9.0.50-1.el9
redhat/jws5-tomcat<0:9.0.50-3.redhat_00004.1.el7
redhat/jws5-tomcat-native<0:1.2.30-3.redhat_3.el7
redhat/jws5-tomcat-vault<0:1.1.8-4.Final_redhat_00004.1.el7
redhat/jws5-tomcat<0:9.0.50-3.redhat_00004.1.el8
redhat/jws5-tomcat-native<0:1.2.30-3.redhat_3.el8
and 47 more
CVE-2021-3671
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba...
debian/heimdal<=7.7.0+dfsg-2<=7.5.0+dfsg-3
Samba Samba<4.13.12
Samba Samba>=4.14.0<4.14.8
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Netapp Management Services For Element Software
and 21 more
CVE-2021-32762
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large...
Redis Redis>=5.0.0<5.0.14
Redis Redis>=6.0.0<6.0.16
Redis Redis>=6.2.0<6.2.6
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=33
and 8 more
CVE-2021-32628
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentia...
Redis Redis>=5.0.0<5.0.14
Redis Redis>=6.0.0<6.0.16
Redis Redis>=6.2.0<6.2.6
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 10 more
CVE-2021-32627
Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code ex...
redhat/redis<6.2.6
redhat/redis<6.0.16
redhat/redis<5.0.14
redhat/redis<0:3.2.8-5.el7
redhat/rh-redis5-redis<0:5.0.5-3.el7
Redis Redis>=5.0.0<5.0.14
and 13 more
CVE-2021-32626
Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to inc...
redhat/redis<6.2.6
redhat/redis<6.0.16
redhat/redis<5.0.14
redhat/redis<0:3.2.8-5.el7
redhat/rh-redis5-redis<0:5.0.5-3.el7
Redis Redis>=2.6<5.0.14
and 13 more
CVE-2021-32672
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond th...
Redis Redis>=3.2.0<5.0.14
Redis Redis>=6.0.0<6.0.16
Redis Redis>=6.2.0<6.2.6
Redhat Software Collections
Redhat Enterprise Linux=8.0
Debian Debian Linux=10.0
and 10 more
CVE-2021-32687
Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrar...
redhat/redis<0:3.2.8-5.el7
redhat/rh-redis5-redis<0:5.0.5-3.el7
Redis Redis>=5.0.0<5.0.14
Redis Redis>=6.0.0<6.0.16
Redis Redis>=6.2.0<6.2.6
Fedoraproject Fedora=33
and 13 more
CVE-2021-32675
Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which dete...
redhat/redis<6.2.6
redhat/redis<6.0.16
redhat/redis<5.0.14
redhat/redis<0:3.2.8-5.el7
redhat/rh-redis5-redis<0:5.0.5-3.el7
Redis Redis>=5.0.0<5.0.14
and 13 more
CVE-2021-3737
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite...
redhat/python3<0:3.6.8-45.el8
redhat/python27-python<0:2.7.18-4.el7
IBM Cloud Pak for Security<=1.10.0.0 - 1.10.11.0
IBM QRadar Suite Software<=1.10.12.0 - 1.10.16.0
redhat/python<3.6.14
redhat/python<3.7.11
and 41 more
CVE-2021-28169
Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker coul...
redhat/jenkins<0:2.289.3.1630554997-1.el8
IBM Cognos Command Center<=10.2.4.1
debian/jetty9
redhat/jetty<9.4.41
redhat/jetty<10.0.3
redhat/jetty<11.0.3
and 12 more
CVE-2021-22118
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a...
maven/org.springframework:spring-web>=5.3.0<=5.3.6
maven/org.springframework:spring-web>=5.2.0<=5.2.14
IBM DRM<=2.0.6
redhat/spring-framework<5.3.7
redhat/spring-framework<5.2.15
VMware Spring Framework>=5.2.0<5.2.15
and 48 more
CVE-2022-0391
Python could provide weaker than expected security, cause by a improper input validation by the urllib.parse module. By sending a specially-crafted request using \r and \n characters in the URL path. ...
redhat/python3<0:3.6.8-47.el8_6
redhat/rh-python38-babel<0:2.7.0-12.el7
redhat/rh-python38-python<0:3.8.11-2.el7
redhat/rh-python38-python-cryptography<0:2.8-5.el7
redhat/rh-python38-python-jinja2<0:2.10.3-6.el7
redhat/rh-python38-python-lxml<0:4.4.1-7.el7
and 31 more
CVE-2020-27223
Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-craf...
redhat/jenkins<0:2.289.1.1624365627-1.el7
redhat/jenkins<0:2.277.3.1623846768-1.el7
redhat/jenkins<0:2.277.3.1623853726-1.el8
debian/jetty9
redhat/jetty-9.4.37.v20210219 jetty-10.0.1 jetty<11.0.1
IBM Secure Proxy<=6.0.2
and 25 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203