Vulnerabilities > Netapp > Active IQ Unified Manager

DATE CVE VULNERABILITY TITLE RISK
2023-06-21 CVE-2023-2828 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers.
network
low complexity
isc debian fedoraproject netapp CWE-770
7.5
2023-06-21 CVE-2023-2829 A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.
network
low complexity
isc netapp
7.5
2023-06-21 CVE-2023-2911 Out-of-bounds Write vulnerability in multiple products
If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
network
low complexity
isc debian fedoraproject netapp CWE-787
7.5
2023-05-30 CVE-2023-2953 NULL Pointer Dereference vulnerability in multiple products
A vulnerability was found in openldap.
network
low complexity
openldap redhat apple netapp CWE-476
7.5
2023-04-25 CVE-2023-0045 Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall.
network
low complexity
linux debian netapp CWE-610
7.5
2023-04-19 CVE-2023-20862 Incomplete Cleanup vulnerability in multiple products
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions.
network
low complexity
vmware netapp CWE-459
6.3
2023-04-18 CVE-2023-26049 Information Exposure vulnerability in multiple products
Jetty is a java based web server and servlet engine.
network
low complexity
eclipse debian netapp CWE-200
5.3
2023-04-18 CVE-2023-21911 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
network
low complexity
oracle fedoraproject netapp
4.9
2023-04-18 CVE-2023-21919 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).
network
low complexity
oracle fedoraproject netapp
4.9
2023-04-18 CVE-2023-21920 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
network
low complexity
oracle fedoraproject netapp
4.9