Vulnerabilities > Netapp > Active IQ Unified Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-22 | CVE-2021-2146 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). | 4.9 |
| 2021-04-22 | CVE-2021-2144 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). | 6.5 |
| 2021-04-13 | CVE-2021-29425 | Path Traversal vulnerability in multiple products In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | 4.8 |
| 2021-04-05 | CVE-2021-20305 | Out-of-bounds Write vulnerability in multiple products A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. | 8.1 |
| 2021-03-25 | CVE-2021-3449 | NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. | 5.9 |
| 2021-03-23 | CVE-2019-19343 | Improper Resource Shutdown or Release vulnerability in multiple products A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. | 5.0 |
| 2021-03-12 | CVE-2021-20231 | Use After Free vulnerability in multiple products A flaw was found in gnutls. | 9.8 |
| 2021-03-03 | CVE-2021-22884 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. | 7.5 |
| 2021-02-23 | CVE-2021-20220 | HTTP Request Smuggling vulnerability in multiple products A flaw was found in Undertow. | 5.8 |
| 2021-02-15 | CVE-2021-27219 | Incorrect Conversion between Numeric Types vulnerability in multiple products An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. | 7.5 |