Vulnerabilities > Netapp > Active IQ Unified Manager > High

DATE CVE VULNERABILITY TITLE RISK
2022-02-24 CVE-2022-24407 SQL Injection vulnerability in multiple products
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
8.8
2022-02-18 CVE-2021-20322 Use of Insufficiently Random Values vulnerability in multiple products
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports.
network
high complexity
linux fedoraproject debian netapp oracle CWE-330
7.4
2022-02-09 CVE-2022-0391 Injection vulnerability in multiple products
A flaw was found in Python, specifically within the urllib.parse module.
network
low complexity
python netapp fedoraproject oracle CWE-74
7.5
2022-02-04 CVE-2022-23913 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
network
low complexity
apache netapp CWE-770
7.5
2022-01-06 CVE-2021-46143 Integer Overflow or Wraparound vulnerability in multiple products
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
7.8
2022-01-01 CVE-2021-45960 Incorrect Calculation vulnerability in multiple products
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
8.8
2021-11-15 CVE-2021-43618 Integer Overflow or Wraparound vulnerability in multiple products
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
network
low complexity
gmplib debian netapp CWE-190
7.5
2021-09-26 CVE-2021-41617 sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. 7.0
2021-08-05 CVE-2021-22926 Improper Certificate Validation vulnerability in multiple products
libcurl-using applications can ask for a specific client certificate to be used in a transfer.
network
low complexity
haxx netapp oracle siemens splunk CWE-295
7.5
2021-07-22 CVE-2021-36222 NULL Pointer Dereference vulnerability in multiple products
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash.
network
low complexity
mit debian netapp oracle CWE-476
7.5