Active IQ Unified Manager

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-12	CVE-2022-22970	Allocation of Resources Without Limits or Throttling vulnerability in multiple products In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. network high complexity vmware oracle netapp CWE-770	5.3
2022-05-06	CVE-2022-24823	Netty is an open-source, asynchronous event-driven network application framework. local low complexity netty oracle netapp	5.5
2022-05-06	CVE-2022-24903	Improper Validation of Specified Quantity in Input vulnerability in multiple products Rsyslog is a rocket-fast system for log processing. network high complexity rsyslog fedoraproject debian netapp CWE-1284	8.1
2022-05-03	CVE-2022-1292	OS Command Injection vulnerability in multiple products The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. network low complexity openssl debian netapp oracle fedoraproject CWE-78 critical	9.8
2022-05-03	CVE-2022-1343	Improper Certificate Validation vulnerability in multiple products The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. network low complexity openssl netapp CWE-295	5.3
2022-05-03	CVE-2022-1434	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. network high complexity openssl netapp CWE-327	5.9
2022-05-03	CVE-2022-1473	Incomplete Cleanup vulnerability in multiple products The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. network low complexity openssl netapp CWE-459	7.5
2022-05-03	CVE-2022-29824	Integer Overflow or Wraparound vulnerability in multiple products In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf) and tree.c (xmlBuffer) don't check for integer overflows. network low complexity xmlsoft fedoraproject debian netapp oracle CWE-190	6.5
2022-05-01	CVE-2022-25647	Deserialization of Untrusted Data vulnerability in multiple products The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. network low complexity google debian netapp oracle CWE-502	7.5
2022-04-27	CVE-2022-24891	ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. network low complexity owasp oracle netapp	6.1