Vulnerabilities > Netapp > Active IQ Unified Manager > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-21 | CVE-2023-2829 | A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1. | 7.5 |
| 2023-06-21 | CVE-2023-2911 | Out-of-bounds Write vulnerability in multiple products If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. | 7.5 |
| 2023-05-30 | CVE-2023-2953 | NULL Pointer Dereference vulnerability in multiple products A vulnerability was found in openldap. | 7.5 |
| 2023-04-25 | CVE-2023-0045 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. | 7.5 |
| 2023-03-30 | CVE-2023-27533 | Injection vulnerability in multiple products A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. | 8.8 |
| 2023-03-30 | CVE-2023-27534 | Path Traversal vulnerability in multiple products A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. | 8.8 |
| 2023-02-17 | CVE-2023-24329 | Improper Input Validation vulnerability in multiple products An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | 7.5 |
| 2023-02-15 | CVE-2023-0361 | Information Exposure Through Discrepancy vulnerability in multiple products A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. | 7.4 |
| 2022-12-23 | CVE-2022-43551 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. | 7.5 |
| 2022-11-23 | CVE-2022-40304 | Double Free vulnerability in multiple products An issue was discovered in libxml2 before 2.10.3. | 7.8 |