CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23239
https://notcve.org/view.php?id=CVE-2022-23239
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack. • https://security.netapp.com/advisory/ntap-20220901-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23240
https://notcve.org/view.php?id=CVE-2022-23240
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors. • https://security.netapp.com/advisory/ntap-20220901-0002 •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-23235
https://notcve.org/view.php?id=CVE-2022-23235
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled. Active IQ Unified Manager para VMware vSphere, Linux y Microsoft Windows versiones anteriores a 9.10P1, son susceptibles de sufrir una vulnerabilidad que podría permitir a un atacante detectar información específica del clúster, del nodo y de Active IQ Unified Manager por medio de los datos de telemetría de AutoSupport que son enviados incluso cuando AutoSupport ha sido deshabilitado. • https://security.netapp.com/advisory/ntap-20220324-0001 •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-14775 – mysql: InnoDB unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14775
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6 https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20201023-0003 https://www.oracle.com/security-alerts/cpuoct2020.html https://acces •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8574
https://notcve.org/view.php?id=CVE-2020-8574
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users. Active IQ Unified Manager para Linux versiones anteriores a 9.6, incluido con el servicio Java Management Extension Remote Method Invocation (JMX RMI) habilitado permite una ejecución de código no autorizado a usuarios locales • https://security.netapp.com/advisory/ntap-20200803-0001 •