Active IQ Unified Manager

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-02	CVE-2021-3520	Integer Overflow or Wraparound vulnerability in multiple products There's a flaw in lz4. network low complexity lz4-project netapp oracle splunk CWE-190 critical	9.8
2021-05-26	CVE-2020-25670	Use After Free vulnerability in multiple products A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. local low complexity linux fedoraproject netapp debian CWE-416	7.8
2021-05-26	CVE-2020-25671	Use After Free vulnerability in multiple products A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. local low complexity linux fedoraproject netapp debian CWE-416	7.8
2021-05-26	CVE-2020-25673	Resource Exhaustion vulnerability in multiple products A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. local low complexity linux fedoraproject netapp CWE-400	5.5
2021-05-25	CVE-2020-25672	Memory Leak vulnerability in multiple products A memory leak vulnerability was found in Linux kernel in llcp_sock_connect network low complexity linux fedoraproject debian netapp CWE-401	7.5
2021-05-19	CVE-2021-3517	Out-of-bounds Write vulnerability in multiple products There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. network low complexity xmlsoft redhat fedoraproject debian netapp oracle CWE-787	8.6
2021-05-18	CVE-2021-3518	Use After Free vulnerability in multiple products There's a flaw in libxml2 in versions before 2.9.11. network low complexity xmlsoft debian redhat fedoraproject netapp oracle CWE-416	8.8
2021-05-14	CVE-2021-3537	NULL Pointer Dereference vulnerability in multiple products A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. network high complexity xmlsoft redhat debian fedoraproject netapp oracle CWE-476	5.9
2021-05-10	CVE-2020-13529	Authentication Bypass by Spoofing vulnerability in multiple products An exploitable denial-of-service vulnerability exists in Systemd 245. high complexity systemd-project fedoraproject netapp CWE-290	6.1
2021-04-29	CVE-2021-25215	Reachable Assertion vulnerability in multiple products In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. network low complexity debian isc fedoraproject netapp oracle siemens CWE-617	7.5