Vulnerabilities > Netapp > Active IQ Unified Manager > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-14 | CVE-2020-14061 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). | 8.1 |
2020-06-09 | CVE-2020-10757 | Type Confusion vulnerability in multiple products A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. | 7.8 |
2020-04-30 | CVE-2020-1752 | Use After Free vulnerability in multiple products A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. | 7.0 |
2020-04-29 | CVE-2020-11884 | Race Condition vulnerability in multiple products In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. | 7.0 |
2020-04-21 | CVE-2020-1967 | NULL Pointer Dereference vulnerability in multiple products Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. | 7.5 |
2020-04-15 | CVE-2020-2805 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). | 8.3 |
2020-04-15 | CVE-2020-2803 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). | 8.3 |
2020-04-07 | CVE-2020-11620 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). | 8.1 |
2020-04-07 | CVE-2020-11619 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). | 8.1 |
2020-02-25 | CVE-2020-9383 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel 3.16 through 5.5.6. | 7.1 |