Vulnerabilities > Netapp > Active IQ Unified Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-01-24 CVE-2022-23437 Infinite Loop vulnerability in multiple products
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads.
network
low complexity
apache oracle netapp CWE-835
6.5
2021-10-28 CVE-2021-22096 In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
network
low complexity
vmware netapp oracle
4.3
2021-07-19 CVE-2021-35043 Cross-site Scripting vulnerability in multiple products
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected).
network
low complexity
antisamy-project oracle netapp CWE-79
6.1
2021-07-09 CVE-2021-3541 XML Entity Expansion vulnerability in multiple products
A flaw was found in libxml2.
network
low complexity
xmlsoft redhat oracle netapp CWE-776
6.5
2021-06-09 CVE-2021-28169 For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory.
network
low complexity
eclipse debian oracle netapp
5.3
2021-06-02 CVE-2021-3522 Out-of-bounds Read vulnerability in multiple products
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
local
low complexity
gstreamer-project netapp oracle CWE-125
5.5
2021-05-26 CVE-2020-25673 A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system.
local
low complexity
linux fedoraproject netapp
5.5
2021-05-14 CVE-2021-3537 NULL Pointer Dereference vulnerability in multiple products
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference.
5.9
2021-05-10 CVE-2020-13529 Authentication Bypass by Spoofing vulnerability in multiple products
An exploitable denial-of-service vulnerability exists in Systemd 245.
6.1
2021-04-29 CVE-2021-25214 Reachable Assertion vulnerability in multiple products
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.
network
low complexity
isc debian fedoraproject siemens netapp CWE-617
6.5