Vulnerabilities > Netapp > Active IQ Unified Manager > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-03 | CVE-2023-31102 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. | 7.8 |
| 2023-08-23 | CVE-2023-41105 | Untrusted Search Path vulnerability in multiple products An issue was discovered in Python 3.11 through 3.11.4. | 7.5 |
| 2023-07-20 | CVE-2022-28734 | Out-of-bounds Write vulnerability in multiple products Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. | 7.0 |
| 2023-06-21 | CVE-2023-2828 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. | 7.5 |
| 2023-06-21 | CVE-2023-2829 | A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1. | 7.5 |
| 2023-06-21 | CVE-2023-2911 | Out-of-bounds Write vulnerability in multiple products If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. | 7.5 |
| 2023-05-30 | CVE-2023-2953 | NULL Pointer Dereference vulnerability in multiple products A vulnerability was found in openldap. | 7.5 |
| 2023-04-25 | CVE-2023-0045 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. | 7.5 |
| 2023-03-30 | CVE-2023-27533 | Injection vulnerability in multiple products A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. | 8.8 |
| 2023-03-30 | CVE-2023-27534 | Path Traversal vulnerability in multiple products A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. | 8.8 |