Vulnerabilities > Netapp > Active IQ Unified Manager

DATE CVE VULNERABILITY TITLE RISK
2021-10-20 CVE-2021-35588 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).
network
high complexity
oracle netapp fedoraproject debian
3.1
2021-09-26 CVE-2021-41617 sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. 7.0
2021-08-24 CVE-2021-3711 Classic Buffer Overflow vulnerability in multiple products
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt().
network
low complexity
openssl debian netapp oracle tenable CWE-120
critical
9.8
2021-08-16 CVE-2021-22931 Improper Input Validation vulnerability in multiple products
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.
network
low complexity
nodejs netapp oracle siemens CWE-20
critical
9.8
2021-08-05 CVE-2021-22926 Improper Certificate Validation vulnerability in multiple products
libcurl-using applications can ask for a specific client certificate to be used in a transfer.
network
low complexity
haxx netapp oracle siemens splunk CWE-295
7.5
2021-07-22 CVE-2021-35942 Integer Overflow or Wraparound vulnerability in multiple products
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information.
network
low complexity
gnu netapp debian CWE-190
critical
9.1
2021-07-22 CVE-2021-36222 NULL Pointer Dereference vulnerability in multiple products
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash.
network
low complexity
mit debian netapp oracle CWE-476
5.0
2021-07-21 CVE-2021-2372 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
network
high complexity
oracle netapp fedoraproject mariadb
4.4
2021-07-21 CVE-2021-2389 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
network
high complexity
oracle netapp fedoraproject mariadb
5.9
2021-07-19 CVE-2021-35043 Cross-site Scripting vulnerability in multiple products
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected).
network
low complexity
antisamy-project oracle netapp CWE-79
6.1