Active Iq Unified Manager

active_iq_unified_manager

Vendor: Netapp • 848 CVEs

CVEs (848)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-14145 2Netapp Openbsd 9Active Iq Unified Manager Aff A700s FirmwareHci Compute Node+6 more Dec 18, 2025 Jun 29, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where n...Show more The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.Show less
CVE-2020-14195 4Debian FasterxmlNetapp+1 more 14Active Iq Unified Manager Agile PlmBanking Digital Experience+11 more Nov 21, 2024 Jun 16, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
CVE-2020-4051 3Debian NetappOpenjsf 6Active Iq Unified Manager Debian LinuxDijit+3 more Nov 21, 2024 Jun 15, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater...Show more In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.Show less
CVE-2020-14155 6Apple GitlabNetapp+3 more 15Active Iq Unified Manager Cloud BackupClustered Data Ontap+12 more Nov 21, 2024 Jun 15, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVE-2020-14060 3Fasterxml NetappOracle 12Active Iq Unified Manager Agile PlmBanking Digital Experience+9 more Apr 29, 2026 Jun 14, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
CVE-2020-14062 4Debian FasterxmlNetapp+1 more 13Active Iq Unified Manager Agile PlmBanking Digital Experience+10 more Apr 29, 2026 Jun 14, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
CVE-2020-14061 4Debian FasterxmlNetapp+1 more 15Active Iq Unified Manager Agile PlmAutovue For Agile Product Lifecycle Management+12 more Aug 27, 2025 Jun 14, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms....Show more FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).Show less
CVE-2020-10732 4Canonical LinuxNetapp+1 more 19Active Iq Unified Manager Aff 8300 FirmwareAff 8700 Firmware+16 more Nov 21, 2024 Jun 12, 2020 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
CVE-2020-10757 7Canonical DebianFedoraproject+4 more 10Active Iq Unified Manager Cloud BackupDebian Linux+7 more Nov 21, 2024 Jun 9, 2020 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
CVE-2020-13776 3Fedoraproject NetappSystemd Project 4Active Iq Unified Manager FedoraSolidfire & Hci Management Node+1 more Jun 9, 2025 Jun 3, 2020 N/A· v4 6.7 MEDIUM· v3 6.2 MEDIUM· v2 systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. N...Show more systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.Show less
CVE-2020-10719 2Netapp Redhat 8Active Iq Unified Manager FuseJboss Enterprise Application Platform+5 more Nov 21, 2024 May 26, 2020 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
CVE-2020-7656 4Jquery JuniperNetapp+1 more 7Active Iq Unified Manager Cloud BackupJquery+4 more Nov 21, 2024 May 19, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in t...Show more jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.Show less
CVE-2020-13143 5Canonical DebianLinux+2 more 24A700s Firmware Active Iq Unified ManagerBootstrap Os+21 more Nov 21, 2024 May 18, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out...Show more gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.Show less
CVE-2020-12888 6Canonical DebianFedoraproject+3 more 25A700s Firmware Active Iq Unified ManagerBootstrap Os+22 more Nov 21, 2024 May 15, 2020 N/A· v4 5.3 MEDIUM· v3 4.7 MEDIUM· v2 The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
CVE-2020-12771 6Canonical DebianLinux+3 more 24A700s Firmware Active Iq Unified ManagerCloud Backup+21 more Nov 21, 2024 May 9, 2020 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
CVE-2020-12770 5Canonical DebianFedoraproject+2 more 23A700s Firmware Active Iq Unified ManagerBootstrap Os+20 more Nov 21, 2024 May 9, 2020 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
CVE-2020-12769 5Canonical DebianLinux+2 more 23A700s Firmware Active Iq Unified ManagerCloud Backup+20 more Nov 21, 2024 May 9, 2020 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.
CVE-2020-10690 6Canonical DebianLinux+3 more 22Active Iq Unified Manager Debian LinuxElement Software+19 more Nov 21, 2024 May 8, 2020 N/A· v4 6.4 MEDIUM· v3 4.4 MEDIUM· v2 There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /d...Show more There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.Show less
CVE-2020-12659 2Linux Netapp 8Active Iq Unified Manager Aff Baseboard Management ControllerCloud Backup+5 more Nov 21, 2024 May 5, 2020 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.
CVE-2020-12653 4Debian LinuxNetapp+1 more 22A700s Firmware Active Iq Unified ManagerCloud Backup+19 more Nov 21, 2024 May 5, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an...Show more An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.Show less

Previous 1...272829...43 Next