Active IQ Unified Manager

DATE	CVE	VULNERABILITY TITLE	RISK
2021-07-13	CVE-2021-35515	Infinite Loop vulnerability in multiple products When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. network low complexity apache netapp oracle CWE-835	7.5
2021-07-13	CVE-2021-35516	Allocation of Resources Without Limits or Throttling vulnerability in multiple products When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. network low complexity apache netapp oracle CWE-770	7.5
2021-07-13	CVE-2021-35517	Allocation of Resources Without Limits or Throttling vulnerability in multiple products When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. network low complexity apache netapp oracle CWE-770	7.5
2021-07-13	CVE-2021-36090	When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. network low complexity apache oracle netapp	7.5
2021-07-09	CVE-2021-3541	XML Entity Expansion vulnerability in multiple products A flaw was found in libxml2. network low complexity xmlsoft redhat oracle netapp CWE-776	4.0
2021-06-22	CVE-2021-34428	Insufficient Session Expiration vulnerability in multiple products For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. low complexity eclipse debian netapp oracle CWE-613	3.5
2021-06-11	CVE-2021-22901	Use After Free vulnerability in multiple products curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. network high complexity haxx oracle netapp siemens splunk CWE-416	8.1
2021-06-09	CVE-2021-28169	For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. network low complexity eclipse debian oracle netapp	5.3
2021-06-02	CVE-2021-3522	Out-of-bounds Read vulnerability in multiple products GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. local low complexity gstreamer-project netapp oracle CWE-125	5.5
2021-06-02	CVE-2021-3520	Integer Overflow or Wraparound vulnerability in multiple products There's a flaw in lz4. network low complexity lz4-project netapp oracle splunk CWE-190 critical	9.8