Vulnerabilities > Netapp > Active IQ Unified Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-09 CVE-2024-8372 Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue.
network
low complexity
angularjs netapp
4.3
4.3
2024-09-09 CVE-2024-8373 Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue.
network
low complexity
angularjs netapp
4.3
4.3
2024-02-29 CVE-2024-26462 Memory Leak vulnerability in multiple products
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.
local
low complexity
mit netapp CWE-401
5.5
5.5
2023-10-14 CVE-2023-45862 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5.
local
low complexity
linux netapp CWE-770
5.5
5.5
2023-10-05 CVE-2023-40745 Integer Overflow or Wraparound vulnerability in multiple products
LibTIFF is vulnerable to an integer overflow.
network
low complexity
libtiff fedoraproject redhat netapp CWE-190
6.5
6.5
2023-09-12 CVE-2023-4813 Use After Free vulnerability in multiple products
A flaw was found in glibc.
network
high complexity
gnu redhat fedoraproject netapp CWE-416
5.9
5.9
2023-08-22 CVE-2020-19188 Out-of-bounds Write vulnerability in multiple products
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
network
low complexity
gnu netapp CWE-787
6.5
6.5
2023-08-22 CVE-2020-19189 Out-of-bounds Write vulnerability in multiple products
Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
network
low complexity
gnu netapp debian CWE-787
6.5
6.5
2023-08-22 CVE-2020-19190 Out-of-bounds Write vulnerability in multiple products
Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
network
low complexity
gnu netapp CWE-787
6.5
6.5
2023-08-22 CVE-2022-48564 Resource Exhaustion vulnerability in multiple products
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
network
low complexity
python netapp CWE-400
6.5
6.5