Vulnerabilities > Netapp > Active IQ Unified Manager

DATE CVE VULNERABILITY TITLE RISK
2022-01-19 CVE-2022-21341 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization).
network
low complexity
oracle netapp debian
5.3
2022-01-19 CVE-2022-21360 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO).
network
low complexity
oracle netapp debian
5.3
2022-01-19 CVE-2022-21365 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO).
network
low complexity
oracle debian netapp
5.3
2022-01-19 CVE-2022-21366 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO).
network
low complexity
oracle netapp debian
5.3
2022-01-06 CVE-2021-46143 Integer Overflow or Wraparound vulnerability in multiple products
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
7.8
2022-01-01 CVE-2021-45960 Incorrect Calculation vulnerability in multiple products
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
8.8
2021-12-10 CVE-2021-44228 Deserialization of Untrusted Data vulnerability in multiple products
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
10.0
2021-11-15 CVE-2021-43618 Integer Overflow or Wraparound vulnerability in multiple products
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
network
low complexity
gmplib debian netapp CWE-190
7.5
2021-10-28 CVE-2021-22096 In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
network
low complexity
vmware netapp oracle
4.3
2021-10-20 CVE-2021-35603 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).
network
high complexity
oracle netapp debian fedoraproject
3.7