Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product Active Iq
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24785 5 Debian, Fedoraproject, Momentjs and 2 more 5 Debian Linux, Fedora, Moment and 2 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
CVE-2019-11486 4 Debian, Linux, Netapp and 1 more 10 Debian Linux, Linux Kernel, Active Iq and 7 more 2023-12-10 6.9 MEDIUM 7.0 HIGH
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
CVE-2018-1000656 2 Netapp, Palletsprojects 4 Active Iq, Hyper Converged Infrastructure, Ontap Select Deploy Utility and 1 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.
CVE-2019-3462 3 Canonical, Debian, Netapp 5 Ubuntu Linux, Advanced Package Tool, Debian Linux and 2 more 2023-12-10 9.3 HIGH 8.1 HIGH
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.