Active IQ Unified Manager

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-10	CVE-2019-11068	libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. network low complexity xmlsoft canonical debian fedoraproject oracle netapp opensuse critical	9.8
2019-03-27	CVE-2019-10125	Use After Free vulnerability in multiple products An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. network low complexity linux netapp CWE-416 critical	10.0
2019-02-27	CVE-2019-1559	Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. network high complexity openssl canonical debian netapp f5 tenable opensuse fedoraproject mcafee redhat oracle paloaltonetworks nodejs CWE-203	5.9
2019-02-06	CVE-2019-3822	Out-of-bounds Write vulnerability in multiple products libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. network low complexity haxx canonical debian netapp siemens oracle redhat CWE-787 critical	9.8
2019-02-04	CVE-2019-7317	Use After Free vulnerability in multiple products png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. network high complexity libpng debian canonical oracle hpe hp mozilla opensuse netapp redhat CWE-416	5.3
2019-01-16	CVE-2019-2510	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). network low complexity oracle mariadb redhat netapp canonical	4.0
2019-01-16	CVE-2019-2503	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). oracle mariadb netapp canonical redhat	3.8
2019-01-16	CVE-2019-2455	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). network low complexity oracle canonical mariadb netapp redhat	4.0
2019-01-16	CVE-2019-2435	Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). network oracle netapp	5.8
2018-12-20	CVE-2018-1000873	Improper Input Validation vulnerability in multiple products Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). network low complexity fasterxml oracle netapp CWE-20	6.5