Vulnerabilities > Netapp > Active IQ Unified Manager > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2023-5517 Reachable Assertion vulnerability in multiple products
A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
network
low complexity
netapp fedoraproject isc CWE-617
7.5
2024-02-13 CVE-2023-5679 A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
network
low complexity
netapp fedoraproject isc
7.5
2024-02-13 CVE-2023-6516 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database.
network
low complexity
isc netapp CWE-770
7.5
2024-01-16 CVE-2024-0567 Improper Verification of Cryptographic Signature vulnerability in multiple products
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust.
network
low complexity
gnu fedoraproject netapp debian CWE-347
7.5
2023-11-03 CVE-2023-31102 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
local
low complexity
7-zip netapp CWE-191
7.8
2023-11-01 CVE-2023-5178 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel.
network
low complexity
linux redhat netapp CWE-416
8.8
2023-09-12 CVE-2023-4863 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
8.8
2023-08-23 CVE-2023-41105 Untrusted Search Path vulnerability in multiple products
An issue was discovered in Python 3.11 through 3.11.4.
network
low complexity
python netapp CWE-426
7.5
2023-07-20 CVE-2022-28734 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position.
network
high complexity
gnu netapp CWE-787
7.0
2023-06-21 CVE-2023-2828 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers.
network
low complexity
isc debian fedoraproject netapp CWE-770
7.5