Vulnerabilities > Netapp > Active IQ Unified Manager > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-27778 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
network
low complexity
haxx netapp oracle splunk CWE-706
8.1
2022-05-25 CVE-2022-1678 An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.
network
low complexity
linux netapp
7.5
2022-05-06 CVE-2022-24903 Improper Validation of Specified Quantity in Input vulnerability in multiple products
Rsyslog is a rocket-fast system for log processing.
network
high complexity
rsyslog fedoraproject debian netapp CWE-1284
8.1
2022-05-03 CVE-2022-1473 Incomplete Cleanup vulnerability in multiple products
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries.
network
low complexity
openssl netapp CWE-459
7.5
2022-05-01 CVE-2022-25647 Deserialization of Untrusted Data vulnerability in multiple products
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
network
low complexity
google debian netapp oracle CWE-502
7.5
2022-04-13 CVE-2015-20107 Command Injection vulnerability in multiple products
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file.
network
low complexity
python netapp fedoraproject CWE-77
7.6
2022-04-08 CVE-2022-28796 Race Condition vulnerability in multiple products
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
local
high complexity
linux redhat fedoraproject netapp CWE-362
7.0
2022-03-25 CVE-2018-25032 Out-of-bounds Write vulnerability in multiple products
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
7.5
2022-03-16 CVE-2022-27223 Improper Validation of Array Index vulnerability in multiple products
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.
network
low complexity
linux netapp debian CWE-129
8.8
2022-03-11 CVE-2020-36518 Out-of-bounds Write vulnerability in multiple products
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
network
low complexity
fasterxml oracle debian netapp CWE-787
7.5