Vulnerabilities > Netapp > Active IQ Unified Manager > High

DATE CVE VULNERABILITY TITLE RISK
2022-04-19 CVE-2022-21449 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).
network
low complexity
oracle debian netapp azul
7.5
2022-04-19 CVE-2022-21476 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).
network
low complexity
oracle netapp debian azul
7.5
2022-04-13 CVE-2015-20107 Command Injection vulnerability in multiple products
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file.
network
low complexity
python netapp fedoraproject CWE-77
7.6
2022-04-08 CVE-2022-28796 Race Condition vulnerability in multiple products
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
local
high complexity
linux redhat fedoraproject netapp CWE-362
7.0
2022-03-25 CVE-2018-25032 Out-of-bounds Write vulnerability in multiple products
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
7.5
2022-03-16 CVE-2022-27223 Improper Validation of Array Index vulnerability in multiple products
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.
network
low complexity
linux netapp debian CWE-129
8.8
2022-03-11 CVE-2020-36518 Out-of-bounds Write vulnerability in multiple products
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
network
low complexity
fasterxml oracle debian netapp CWE-787
7.5
2022-03-10 CVE-2022-26488 Untrusted Search Path vulnerability in multiple products
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured.
local
high complexity
python netapp CWE-426
7.0
2022-03-10 CVE-2022-0891 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
network
low complexity
libtiff debian fedoraproject netapp CWE-787
7.1
2022-02-26 CVE-2022-23308 Use After Free vulnerability in multiple products
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
7.5