Vulnerabilities > Netapp > Active IQ Unified Manager

DATE CVE VULNERABILITY TITLE RISK
2022-07-19 CVE-2022-34169 Incorrect Conversion between Numeric Types vulnerability in multiple products
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets.
7.5
2022-07-05 CVE-2022-2097 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances.
5.3
2022-07-01 CVE-2022-34903 Injection vulnerability in multiple products
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
network
high complexity
gnupg fedoraproject debian netapp CWE-74
6.5
2022-06-30 CVE-2022-2056 Divide By Zero vulnerability in multiple products
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.
network
low complexity
libtiff netapp fedoraproject debian CWE-369
6.5
2022-06-30 CVE-2022-2057 Divide By Zero vulnerability in multiple products
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.
network
low complexity
libtiff netapp fedoraproject debian CWE-369
6.5
2022-06-30 CVE-2022-2058 Divide By Zero vulnerability in multiple products
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.
network
low complexity
libtiff netapp fedoraproject debian CWE-369
6.5
2022-06-02 CVE-2022-27778 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
network
low complexity
haxx netapp oracle splunk CWE-706
8.1
2022-05-25 CVE-2022-1678 An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.
network
low complexity
linux netapp
7.5
2022-05-24 CVE-2021-3597 Race Condition vulnerability in multiple products
A flaw was found in undertow.
network
high complexity
redhat netapp CWE-362
5.9
2022-05-24 CVE-2021-3629 Resource Exhaustion vulnerability in multiple products
A flaw was found in Undertow.
network
high complexity
redhat netapp CWE-400
5.9