Vulnerabilities > Netapp > Active IQ Unified Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-04 CVE-2022-26336 A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception.
local
low complexity
apache netapp
5.5
5.5
2022-02-16 CVE-2022-25258 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. 		4.6
4.6
2022-02-16 CVE-2021-3753 A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE).
local
high complexity
linux redhat netapp
4.7
4.7
2022-01-26 CVE-2021-22570 NULL Pointer Dereference vulnerability in multiple products
Nullptr dereference when a null char is present in a proto symbol. 		5.5
5.5
2022-01-24 CVE-2022-23437 Infinite Loop vulnerability in multiple products
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads.
network
low complexity
apache oracle netapp CWE-835
6.5
6.5
2021-10-28 CVE-2021-22096 In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
network
low complexity
vmware netapp oracle
4.3
4.3
2021-07-19 CVE-2021-35043 Cross-site Scripting vulnerability in multiple products
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected).
network
low complexity
antisamy-project oracle netapp CWE-79
6.1
6.1
2021-07-09 CVE-2021-3541 XML Entity Expansion vulnerability in multiple products
A flaw was found in libxml2.
network
low complexity
xmlsoft redhat oracle netapp CWE-776
6.5
6.5
2021-06-09 CVE-2021-28169 For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory.
network
low complexity
eclipse debian oracle netapp
5.3
5.3
2021-06-02 CVE-2021-3522 Out-of-bounds Read vulnerability in multiple products
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
local
low complexity
gstreamer-project netapp oracle CWE-125
5.5
5.5