Vulnerabilities > Netapp > Active IQ Unified Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-24 | CVE-2021-3629 | Resource Exhaustion vulnerability in multiple products A flaw was found in Undertow. | 5.9 |
| 2022-05-19 | CVE-2022-22976 | Integer Overflow or Wraparound vulnerability in multiple products Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. | 5.3 |
| 2022-05-12 | CVE-2022-22970 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. | 5.3 |
| 2022-05-06 | CVE-2022-24823 | Creation of Temporary File in Directory with Incorrect Permissions vulnerability in multiple products Netty is an open-source, asynchronous event-driven network application framework. | 5.5 |
| 2022-05-03 | CVE-2022-1343 | Improper Certificate Validation vulnerability in multiple products The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. | 5.3 |
| 2022-05-03 | CVE-2022-1434 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. | 5.9 |
| 2022-05-03 | CVE-2022-29824 | Integer Overflow or Wraparound vulnerability in multiple products In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. | 6.5 |
| 2022-04-27 | CVE-2022-24891 | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. | 6.1 |
| 2022-04-19 | CVE-2022-21412 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.0 |
| 2022-04-19 | CVE-2022-21413 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 4.0 |