Vulnerabilities > Netapp > Active IQ Unified Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2020-19187 Out-of-bounds Write vulnerability in multiple products
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
network
low complexity
gnu netapp CWE-787
6.5
2023-08-07 CVE-2023-36054 Access of Uninitialized Pointer vulnerability in multiple products
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer.
network
low complexity
mit debian netapp CWE-824
6.5
2023-06-30 CVE-2023-3338 NULL Pointer Dereference vulnerability in multiple products
A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol.
network
low complexity
linux netapp debian CWE-476
6.5
2023-04-19 CVE-2023-20862 Incomplete Cleanup vulnerability in multiple products
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions.
network
low complexity
vmware netapp CWE-459
6.3
2023-04-18 CVE-2023-26049 Jetty is a java based web server and servlet engine.
network
low complexity
eclipse debian netapp
5.3
2023-03-30 CVE-2023-27535 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers.
network
high complexity
haxx fedoraproject debian netapp splunk CWE-287
5.9
2023-03-30 CVE-2023-27536 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option.
network
high complexity
haxx fedoraproject debian netapp splunk CWE-287
5.9
2023-03-30 CVE-2023-27537 Double Free vulnerability in multiple products
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles".
network
high complexity
haxx netapp broadcom splunk CWE-415
5.9
2023-03-30 CVE-2023-27538 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse.
5.5
2023-03-16 CVE-2023-28486 Improper Encoding or Escaping of Output vulnerability in multiple products
Sudo before 1.9.13 does not escape control characters in log messages.
network
low complexity
sudo-project netapp CWE-116
5.3