Vulnerabilities > Netapp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-28 | CVE-2022-23239 | Cross-site Scripting vulnerability in Netapp Active IQ Unified Manager Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack. | 4.8 |
| 2023-02-28 | CVE-2022-23240 | Unspecified vulnerability in Netapp Active IQ Unified Manager Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors. | 6.5 |
| 2023-02-25 | CVE-2023-26545 | Double Free vulnerability in multiple products In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. | 4.7 |
| 2023-02-23 | CVE-2023-23915 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. | 6.5 |
| 2023-02-23 | CVE-2023-23916 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. | 6.5 |
| 2023-02-17 | CVE-2023-0482 | Creation of Temporary File With Insecure Permissions vulnerability in multiple products In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. | 5.5 |
| 2023-02-03 | CVE-2023-25136 | Double Free vulnerability in multiple products OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. | 6.5 |
| 2022-12-05 | CVE-2022-35260 | Out-of-bounds Write vulnerability in multiple products curl can be told to parse a `.netrc` file for credentials. | 6.5 |
| 2022-11-25 | CVE-2022-45887 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products An issue was discovered in the Linux kernel through 6.0.9. | 4.7 |
| 2022-11-25 | CVE-2022-45888 | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 6.0.9. | 6.4 |