Filtered by vendor Netapp Subscriptions
Filtered by product Active Iq Unified Manager Subscriptions
Total 765 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-15218 6 Canonical, Debian, Linux and 3 more 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more 2024-11-21 4.6 Medium
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.
CVE-2019-15217 6 Canonical, Debian, Linux and 3 more 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more 2024-11-21 4.6 Medium
An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.
CVE-2019-15216 5 Canonical, Debian, Linux and 2 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2024-11-21 4.6 Medium
An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.
CVE-2019-15215 5 Canonical, Debian, Linux and 2 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2024-11-21 4.6 Medium
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.
CVE-2019-15213 3 Linux, Netapp, Opensuse 8 Linux Kernel, Active Iq Unified Manager, Data Availability Services and 5 more 2024-11-21 4.6 Medium
An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.
CVE-2019-15212 5 Canonical, Debian, Linux and 2 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2024-11-21 4.6 Medium
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.
CVE-2019-15211 5 Canonical, Debian, Linux and 2 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2024-11-21 4.6 Medium
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory.
CVE-2019-15118 5 Canonical, Debian, Linux and 2 more 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more 2024-11-21 5.5 Medium
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.
CVE-2019-15098 5 Canonical, Debian, Linux and 2 more 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more 2024-11-21 4.6 Medium
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
CVE-2019-14888 2 Netapp, Redhat 10 Active Iq Unified Manager, Jboss Data Grid, Jboss Enterprise Application Platform and 7 more 2024-11-21 7.5 High
A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
CVE-2019-14379 7 Apple, Debian, Fasterxml and 4 more 37 Xcode, Debian Linux, Jackson-databind and 34 more 2024-11-21 9.8 Critical
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
CVE-2019-13990 6 Apache, Atlassian, Netapp and 3 more 35 Tomee, Jira Service Management, Active Iq Unified Manager and 32 more 2024-11-21 9.8 Critical
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
CVE-2019-13272 6 Canonical, Debian, Fedoraproject and 3 more 25 Ubuntu Linux, Debian Linux, Fedora and 22 more 2024-11-21 7.8 High
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
CVE-2019-13118 7 Apple, Canonical, Fedoraproject and 4 more 25 Icloud, Iphone Os, Itunes and 22 more 2024-11-21 5.3 Medium
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
CVE-2019-12615 2 Linux, Netapp 10 Linux Kernel, Active Iq Unified Manager, Aff A700s and 7 more 2024-11-21 7.5 High
An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).
CVE-2019-11815 5 Canonical, Debian, Linux and 2 more 15 Ubuntu Linux, Debian Linux, Linux Kernel and 12 more 2024-11-21 8.1 High
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
CVE-2019-11068 8 Canonical, Debian, Fedoraproject and 5 more 23 Ubuntu Linux, Debian Linux, Fedora and 20 more 2024-11-21 9.8 Critical
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
CVE-2019-10744 5 F5, Lodash, Netapp and 2 more 26 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 23 more 2024-11-21 9.1 Critical
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
CVE-2019-10219 3 Netapp, Oracle, Redhat 199 Active Iq Unified Manager, Element, Management Services For Element Software And Netapp Hci and 196 more 2024-11-21 6.1 Medium
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
CVE-2019-10212 2 Netapp, Redhat 9 Active Iq Unified Manager, Enterprise Linux, Jboss Data Grid and 6 more 2024-11-21 9.8 Critical
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.