Vulnerabilities > Netapp > Active IQ Unified Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2022-0865 | Reachable Assertion vulnerability in multiple products Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. | 6.5 |
| 2022-03-04 | CVE-2022-26336 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. | 5.5 |
| 2022-02-16 | CVE-2022-25258 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. | 4.6 |
| 2022-02-16 | CVE-2021-3753 | Out-of-bounds Read vulnerability in multiple products A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). | 4.7 |
| 2022-01-26 | CVE-2021-22570 | NULL Pointer Dereference vulnerability in multiple products Nullptr dereference when a null char is present in a proto symbol. | 5.5 |
| 2022-01-24 | CVE-2022-23437 | Infinite Loop vulnerability in multiple products There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. | 6.5 |
| 2022-01-19 | CVE-2022-21245 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 4.3 |
| 2022-01-19 | CVE-2022-21253 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
| 2022-01-19 | CVE-2022-21254 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 5.3 |
| 2022-01-19 | CVE-2022-21256 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). | 4.9 |