Vulnerabilities > Netapp > Active IQ Unified Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-22 CVE-2021-2307 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging).
local
low complexity
oracle netapp
6.1
2021-04-22 CVE-2021-2178 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).
network
low complexity
oracle fedoraproject netapp
6.5
2021-04-13 CVE-2021-29425 Path Traversal vulnerability in multiple products
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
network
high complexity
apache debian oracle netapp CWE-22
4.8
2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
5.9
2021-02-23 CVE-2021-20220 HTTP Request Smuggling vulnerability in multiple products
A flaw was found in Undertow.
network
high complexity
redhat netapp CWE-444
4.8
2021-02-08 CVE-2021-21290 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
local
low complexity
netty debian quarkus oracle netapp
5.5
2020-12-09 CVE-2020-29660 Improper Locking vulnerability in multiple products
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
4.4
2020-12-08 CVE-2020-1971 NULL Pointer Dereference vulnerability in multiple products
The X.509 GeneralName type is a generic type for representing different types of names.
5.9
2020-12-03 CVE-2020-25711 Missing Authorization vulnerability in multiple products
A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations.
network
low complexity
infinispan redhat netapp CWE-862
6.5
2020-12-02 CVE-2020-13956 Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
network
low complexity
apache quarkus oracle netapp
5.3