Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netapp oncommand workflow automation vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-43551
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mecha...
Haxx Curl
Fedoraproject Fedora 37
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
7.5
CVSSv3
CVE-2022-43680
In libexpat up to and including 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
Netapp Oncommand Workflow Automation -
Netapp Solidfire \\& Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Hci Compute Node Firmware -
7.5
CVSSv3
CVE-2022-42003
In FasterXML jackson-databind prior to 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
Fasterxml Jackson-databind
Quarkus Quarkus
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Oncommand Workflow Automation -
6 Github repositories
7.5
CVSSv3
CVE-2022-42004
In FasterXML jackson-databind prior to 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
Fasterxml Jackson-databind
Quarkus Quarkus
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Oncommand Workflow Automation -
4 Github repositories
7.5
CVSSv3
CVE-2022-1259
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Single Sign-on 7.0
Redhat Openshift Application Runtimes -
Redhat Build Of Quarkus -
Redhat Integration Camel K -
Redhat Undertow
Redhat Undertow 2.2.18
Redhat Undertow 2.2.19
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Netapp Cloud Secure Agent -
7.5
CVSSv3
CVE-2022-1319
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in th...
Redhat Single Sign-on 7.0
Redhat Openshift Application Runtimes -
Redhat Undertow 2.3.0
Redhat Undertow 2.2.19
Redhat Undertow 2.2.17
Redhat Undertow
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Netapp Cloud Secure Agent -
7.5
CVSSv3
CVE-2021-3859
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an malicious user to carry out denial of service attacks.
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
Redhat Undertow
Redhat Single Sign-on 7.5.1
Redhat Single Sign-on 7.4.10
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Cloud Secure Agent -
7.5
CVSSv3
CVE-2022-21449
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerabilit...
Oracle Graalvm 21.3.1
Oracle Graalvm 22.0.0.2
Oracle Jdk 18
Oracle Jdk 17.0.2
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Cloud Insights -
Netapp E-series Santricity Storage Manager -
Netapp E-series Santricity Web Services -
Netapp Solidfire \\& Hci Management Node -
Netapp Santricity Unified Manager -
Netapp Hci Compute Node -
Netapp 7-mode Transition Tool -
Netapp Active Iq Unified Manager -
Netapp Solidfire\\, Enterprise Sds \\& Hci Storage Node -
Netapp E-series Santricity Os Controller 11.0
Azul Zulu 15.38
Azul Zulu 17.32
Azul Zulu 18.28
24 Github repositories
1 Article
7.5
CVSSv3
CVE-2018-25032
zlib prior to 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Zlib Zlib
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Apple Mac Os X
Apple Mac Os X 10.15.7
Apple Macos
Python Python
Mariadb Mariadb
Netapp Oncommand Workflow Automation -
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Netapp Hci Compute Node -
Netapp Management Services For Element Software -
Netapp E-series Santricity Os Controller
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
5 Github repositories
1 Article
7.5
CVSSv3
CVE-2020-36518
jackson-databind prior to 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Fasterxml Jackson-databind
Oracle Weblogic Server 12.2.1.3.0
Oracle Commerce Platform 11.3.1
Oracle Utilities Framework 4.3.0.5.0
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Primavera Unifier 19.12
Oracle Sd-wan Edge 9.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Coherence 14.1.1.0.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Global Lifecycle Management Nextgen Oui Framework 13.9.4.2.2
Oracle Primavera Unifier 20.12
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Primavera Gateway
Oracle Utilities Framework 4.4.0.3.0
Oracle Sd-wan Edge 9.1
Oracle Commerce Platform 11.3.0
Oracle Commerce Platform 11.3.2
Oracle Primavera Unifier 21.12
4 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
CVE-2024-20360
CVE-2021-47559
XXE
CVE-2024-5229
CVE-2021-47543
CVE-2021-47571
SSTI
CVE-2024-4978
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »