Vulnerabilities > Netapp > Active IQ Unified Manager

DATE CVE VULNERABILITY TITLE RISK
2022-10-21 CVE-2022-3627 Out-of-bounds Write vulnerability in multiple products
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file.
network
low complexity
libtiff netapp debian CWE-787
6.5
2022-09-21 CVE-2022-38177 Memory Leak vulnerability in multiple products
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak.
network
low complexity
isc debian fedoraproject netapp CWE-401
7.5
2022-09-21 CVE-2022-38178 Memory Leak vulnerability in multiple products
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak.
network
low complexity
isc debian fedoraproject netapp CWE-401
7.5
2022-09-09 CVE-2022-2526 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in systemd.
network
low complexity
systemd-project netapp CWE-416
critical
9.8
2022-09-01 CVE-2022-2764 A flaw was found in Undertow.
network
low complexity
redhat netapp
4.9
2022-08-31 CVE-2022-1259 Resource Exhaustion vulnerability in multiple products
A flaw was found in Undertow.
network
low complexity
redhat netapp CWE-400
7.5
2022-08-31 CVE-2022-1319 Unchecked Return Value vulnerability in multiple products
A flaw was found in Undertow.
network
low complexity
redhat netapp CWE-252
7.5
2022-08-29 CVE-2022-1199 Use After Free vulnerability in multiple products
A flaw was found in the Linux kernel.
network
low complexity
linux redhat netapp CWE-416
7.5
2022-08-25 CVE-2022-23235 Unspecified vulnerability in Netapp Active IQ Unified Manager
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled.
network
low complexity
netapp
5.3
2022-08-24 CVE-2021-4209 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in GnuTLS.
network
low complexity
gnu redhat netapp CWE-476
6.5