Vulnerabilities > Netapp > Active IQ Unified Manager

DATE CVE VULNERABILITY TITLE RISK
2021-04-05 CVE-2021-20305 Out-of-bounds Write vulnerability in multiple products
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. 		8.1
8.1
2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. 		5.9
5.9
2021-03-23 CVE-2019-19343 Improper Resource Shutdown or Release vulnerability in multiple products
A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4.
network
low complexity
redhat netapp CWE-404
7.5
7.5
2021-03-12 CVE-2021-20231 A flaw was found in gnutls.
network
low complexity
gnu redhat fedoraproject netapp
critical
 9.8
9.8
2021-03-03 CVE-2021-22884 Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”.
network
high complexity
nodejs fedoraproject netapp oracle siemens
7.5
7.5
2021-02-23 CVE-2021-20220 HTTP Request Smuggling vulnerability in multiple products
A flaw was found in Undertow.
network
high complexity
redhat netapp CWE-444
4.8
4.8
2021-02-15 CVE-2021-27219 Incorrect Conversion between Numeric Types vulnerability in multiple products
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3.
network
low complexity
gnome fedoraproject debian netapp broadcom CWE-681
7.5
7.5
2021-02-15 CVE-2021-27218 Incorrect Conversion between Numeric Types vulnerability in multiple products
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4.
network
low complexity
gnome fedoraproject debian netapp broadcom CWE-681
7.5
7.5
2021-02-15 CVE-2021-23337 Code Injection vulnerability in multiple products
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
network
low complexity
lodash oracle netapp siemens CWE-94
7.2
7.2
2021-02-08 CVE-2021-21290 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
local
low complexity
netty debian quarkus oracle netapp
5.5
5.5