netapp oncommand api services - vulnerabilities and exploits

(subscribe to this query)

NetApp OnCommand API Services prior to 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors.

Netapp Oncommand Api Services

All versions of OnCommand API Services before 2.1 and NetApp Service Level Manager before 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further ac...

Netapp Oncommand Api Services Netapp Service Level Manager Netapp Service Level Manager 1.0

A flaw exists in FasterXML jackson-databind in all versions prior to 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping(...

Fasterxml Jackson-databind Netapp Oncommand Api Services -Netapp Steelstore Cloud Integrated Storage -Oracle Goldengate Stream Analytics

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.

Libpng Libpng 1.6.35 Oracle Hyperion Infrastructure Technology 11.1.2.6.0 Oracle Mysql Workbench Netapp Active Iq Unified Manager -Netapp Oncommand Api Services -

A flaw was found in jackson-databind prior to 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Fasterxml Jackson-databind Netapp Active Iq Unified Manager -Netapp Oncommand Api Services -Netapp Oncommand Insight -Netapp Service Level Manager -Apache Nifi Debian Debian Linux 9.0 Oracle Commerce Guided Search And Experience Manager 11.3.2

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request ...

Netty Netty Netapp Oncommand Api Services -Netapp Oncommand Workflow Automation -Debian Debian Linux 10.0 Quarkus Quarkus Apache Kudu Apache Zookeeper 3.5.9 Oracle Communications Cloud Native Core Policy 1.14.0

1 Github repository

Node.js prior to 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijac...

Nodejs Node.js Netapp Active Iq Unified Manager -Netapp Nextgen Api -Netapp Oncommand Insight -Netapp Oncommand Workflow Automation -Netapp Snapcenter -Oracle Graalvm 20.3.3 Oracle Graalvm 21.2.0 Oracle Mysql Cluster Oracle Peoplesoft Enterprise Peopletools 8.57 Oracle Peoplesoft Enterprise Peopletools 8.58 Oracle Peoplesoft Enterprise Peopletools 8.59

FasterXML jackson-databind 2.0.0 up to and including 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.

Fasterxml Jackson-databind Debian Debian Linux 8.0 Netapp Oncommand Api Services -Netapp Oncommand Workflow Automation -Netapp Service Level Manager -Netapp Steelstore Cloud Integrated Storage -Huawei Oceanstor 9000 Firmware V300r006c20 Huawei Oceanstor 9000 Firmware V300r006c20spc100 Huawei Oceanstor 9000 Firmware V300r006c20spc200 Huawei Oceanstor 9000 Firmware V300r006c20spc300 Oracle Global Lifecycle Management Opatch

7 Github repositories

The ZlibDecoders in Netty 4.1.x prior to 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.

Netty Netty Debian Debian Linux 9.0 Debian Debian Linux 10.0 Fedoraproject Fedora 33 Netapp Oncommand Api Services -Netapp Oncommand Insight -Netapp Oncommand Workflow Automation -Oracle Communications Brm - Elastic Charging Engine 12.0.0.3 Oracle Communications Cloud Native Core Service Communication Proxy 1.5.2 Oracle Communications Design Studio 7.4.2 Oracle Nosql Database Oracle Siebel Core - Server Framework

A Polymorphic Typing issue exists in FasterXML jackson-databind prior to 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.

Fasterxml Jackson-databind Netapp Active Iq Unified Manager Netapp Oncommand Api Services -Netapp Oncommand Workflow Automation -Netapp Service Level Manager -Netapp Steelstore Cloud Integrated Storage -Debian Debian Linux 8.0 Redhat Jboss Enterprise Application Platform 7.2 Redhat Jboss Enterprise Application Platform 7.3 Oracle Customer Management And Segmentation Foundation Oracle Goldengate Application Adapters 19.1.0.0.0 Oracle Retail Customer Management And Segmentation Foundation 17.0

1 2 3 4 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook