Vulnerabilities > Netapp > Active IQ Unified Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-18 | CVE-2023-21971 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). | 5.3 |
| 2023-03-30 | CVE-2023-27533 | Injection vulnerability in multiple products A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. | 8.8 |
| 2023-03-30 | CVE-2023-27534 | Path Traversal vulnerability in multiple products A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. | 8.8 |
| 2023-03-30 | CVE-2023-27535 | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. | 5.9 |
| 2023-03-30 | CVE-2023-27536 | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. | 5.9 |
| 2023-03-30 | CVE-2023-27537 | Double Free vulnerability in multiple products A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". | 5.9 |
| 2023-03-30 | CVE-2023-27538 | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. | 5.5 |
| 2023-03-16 | CVE-2023-28486 | Improper Encoding or Escaping of Output vulnerability in multiple products Sudo before 1.9.13 does not escape control characters in log messages. | 5.3 |
| 2023-03-16 | CVE-2023-28487 | Improper Encoding or Escaping of Output vulnerability in multiple products Sudo before 1.9.13 does not escape control characters in sudoreplay output. | 5.3 |
| 2023-02-28 | CVE-2022-23239 | Cross-site Scripting vulnerability in Netapp Active IQ Unified Manager Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack. | 4.8 |