Vulnerabilities > Netapp > Active IQ Unified Manager > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-02 | CVE-2020-9548 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). | 9.8 |
2020-01-03 | CVE-2019-20330 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. | 9.8 |
2019-11-07 | CVE-2019-18805 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. | 9.8 |
2019-10-07 | CVE-2019-17267 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. | 9.8 |
2019-10-02 | CVE-2019-10212 | Information Exposure Through Log Files vulnerability in multiple products A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. | 9.8 |
2019-10-01 | CVE-2019-16942 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. | 9.8 |
2019-10-01 | CVE-2019-16943 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. | 9.8 |
2019-07-29 | CVE-2019-14379 | SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. | 9.8 |
2019-07-26 | CVE-2019-13990 | XXE vulnerability in multiple products initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. | 9.8 |
2019-07-26 | CVE-2019-10744 | Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. | 9.1 |