Latest NetApp Snap Creator Framework Vulnerabilities

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively...
redhat/Spring Framework<5.3.19
redhat/Spring Framework<5.2.21
maven/org.springframework:spring-context<5.2.21
maven/org.springframework:spring-context>=5.3.0<5.3.19
VMware Spring Framework<5.2.0
VMware Spring Framework>=5.2.0<=5.2.20
and 10 more
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing execution of arbitrary code loaded from ...
redhat/logback-classic<1.2.9
redhat/candlepin<0:4.1.13-1.el7
redhat/candlepin<0:4.1.13-1.el8
Qos Logback<=1.2.7
Qos Logback=1.3.0-alpha0
Qos Logback=1.3.0-alpha1
and 14 more
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
redhat/ovirt-dependencies<0:4.5.2-1.el8e
VMware Spring Framework>=5.2.0<=5.2.17
VMware Spring Framework>=5.3.0<=5.3.10
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vsphere
Netapp Active Iq Unified Manager Windows
and 6 more
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security co...
redhat/jetty<9.4.43
redhat/jetty<10.0.6
redhat/jetty<11.0.6
Eclipse Jetty>=9.4.37<9.4.43
Eclipse Jetty>=10.0.1<10.0.6
Eclipse Jetty>=11.0.1<11.0.6
and 19 more
Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a flaw in which a session ID is not invalidated when an exception is thrown from the SessionListener#sessionDestroyed() me...
redhat/jenkins<0:2.289.3.1630554997-1.el8
IBM Cognos Command Center<=10.2.4.1
debian/jetty9
redhat/jetty<9.4.41
redhat/jetty<10.0.3
redhat/jetty<11.0.3
and 19 more
Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker coul...
redhat/jenkins<0:2.289.3.1630554997-1.el8
IBM Cognos Command Center<=10.2.4.1
debian/jetty9
redhat/jetty<9.4.41
redhat/jetty<10.0.3
redhat/jetty<11.0.3
and 12 more
Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-craf...
redhat/jenkins<0:2.289.1.1624365627-1.el7
redhat/jenkins<0:2.277.3.1623846768-1.el7
redhat/jenkins<0:2.277.3.1623853726-1.el8
debian/jetty9
redhat/jetty-9.4.37.v20210219 jetty-10.0.1 jetty<11.0.1
IBM Secure Proxy<=6.0.2
and 25 more
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web sec...
Apache Nutch<1.18
NetApp Snap Creator Framework
A flaw was found when parsing XML files using XMLBeans 2.6.0 or below. The underlying parser created by XMLBeans could be susceptible to XML External Entity (XXE) attacks. The highest threat from this...
redhat/xmlbeans<3.0.0
IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Apache XMLBeans<=2.6.0
NetApp OnCommand Unified Manager Core Package
NetApp Snap Creator Framework
and 8 more
Impact: If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received en...
redhat/jenkins<0:2.289.1.1624365627-1.el7
redhat/jenkins<0:2.277.3.1623846768-1.el7
redhat/jenkins<0:2.277.3.1623853726-1.el8
redhat/jetty<9.4.35.
redhat/jetty<10.0.0.
redhat/jetty<11.0.0.
and 31 more
Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the services listing page. A remote attacker could exploit this vulnerability using the styleS...
Apache CXF<3.3.8
Apache CXF>=3.4.0<3.4.1
NetApp Snap Creator Framework
Netapp Vasa Provider For Clustered Data Ontap>=9.6
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=5.9.0.0.0
and 14 more
Impact: On Unix-like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the sh...
redhat/rh-eclipse<1:4.17-6.el7_9
redhat/rh-eclipse-ant<0:1.10.9-1.2.el7
redhat/rh-eclipse-antlr32<0:3.2-28.1.el7
redhat/rh-eclipse-apache-sshd<1:2.4.0-5.1.el7
redhat/rh-eclipse-apiguardian<0:1.1.0-6.1.el7
redhat/rh-eclipse-args4j<0:2.33-12.2.el7
and 108 more
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depen...
maven/org.springframework:spring-framework-bom<4.3.29
maven/org.springframework:spring-framework-bom>=5.0.0<=5.0.18
maven/org.springframework:spring-framework-bom>=5.1.0<=5.1.17
maven/org.springframework:spring-framework-bom>=5.2.0<=5.2.8
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
redhat/springframework<5.2.9
and 80 more
A flaw was found in the Jackson Databind package. The issue is a Java StackOverflow exception, resulting in a denial of service, triggered by a significant depth of nested objects.
debian/jackson-databind<=2.9.8-3+deb10u3
redhat/jackson-databind<0:2.14.1-2.el9
redhat/eap7-jackson-databind<0:2.12.6.1-1.redhat_00003.1.el8ea
redhat/eap7-jackson-databind<0:2.12.6.1-1.redhat_00003.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el8
and 88 more
Perl. This issue was addressed with improved checks.
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
Apple macOS Catalina<10.15.6
Apple Mojave
Apple High Sierra
and 21 more
Perl. This issue was addressed with improved checks.
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
Apple macOS Catalina<10.15.6
Apple Mojave
Apple High Sierra
and 25 more
A flaw was found in jquery in versions prior to 1.9.0. A cross-site scripting attack is possible as the load method fails to recognize and remove "<script>" HTML tags that contain a whitespace charact...
maven/org.webjars.npm:jquery<1.9.0
rubygems/jquery-rails<2.2.0
nuget/jQuery<1.9.0
npm/jquery<1.9.0
redhat/qpid-dispatch<0:1.13.0-3.el6_10
redhat/qpid-dispatch<0:1.13.0-3.el7
and 14 more
Impact: Passing HTML containing `<option>` elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may e...
maven/org.webjars.npm:jquery>=1.0.3<3.5.0
nuget/jQuery>=1.0.3<3.5.0
rubygems/jquery-rails<4.4.0
npm/jquery>=1.0.3<3.5.0
debian/jquery
debian/node-jquery<=2.2.4+dfsg-4
and 105 more
Impact: Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. Patch...
rubygems/jquery-rails<4.4.0
maven/org.webjars.npm:jquery>=1.2.0<3.5.0
nuget/jquery>=1.2.0<3.5.0
npm/jquery>=1.2.0<3.5.0
redhat/qpid-dispatch<0:1.13.0-3.el6_10
redhat/qpid-dispatch<0:1.13.0-3.el7
and 164 more
NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.
NetApp Snap Creator Framework<4.3.1
Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw when configured for showing a listing of directory contents. By sending a specially-crafted request, a rem...
Eclipse Jetty=9.2.27-20190403
Eclipse Jetty=9.3.26-20190403
Eclipse Jetty=9.4.16-20190411
Microsoft Windows
NetApp OnCommand System Manager>=3.0<=3.1.3
NetApp Snap Creator Framework
and 49 more
Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulner...
IBM Cognos Command Center<=10.2.4.1
debian/jetty9
redhat/jetty<9.2.28
redhat/jetty<9.3.27
redhat/jetty<9.4.16
Eclipse Jetty=7.0.0-20091005
and 334 more
dom4j could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending specially crafted XML data, a remot...
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el6ea
and 204 more
A flaw was found in Perl versions 5.18 through 5.28. A heap-based buffer overflow. Upstream patch: https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f ...
redhat/perl<5.26.3
redhat/perl<5.28.1
ubuntu/perl<5.26.1-6ubuntu0.3
ubuntu/perl<5.26.2-7ubuntu0.1
ubuntu/perl<5.28.1-1
ubuntu/perl<5.22.1-9ubuntu0.6
and 16 more
A flaw was found in Perl versions 5.22 through 5.26. Heap-buffer-overflow read in regcomp.c. Upstream patch: https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62 ...
Apple macOS Mojave<10.14.4
Apple High Sierra
Apple Sierra
redhat/perl<5.26.3
redhat/perl<5.28.1
ubuntu/perl<5.26.1-6ubuntu0.3
and 22 more
A flaw was found in Perl versions 5.18 through 5.26. A Heap-buffer-overflow write / reg_node overrun
redhat/perl<5.26.3
redhat/perl<5.28.1
ubuntu/perl<5.26.1-6ubuntu0.3
ubuntu/perl<5.26.2-7ubuntu0.1
ubuntu/perl<5.28.1-1
ubuntu/perl<5.22.1-9ubuntu0.6
and 17 more
A flaw was found in Perl versions 5.8.0 through 5.28. An integer overflow leading to buffer overflow in the Perl_my_setenv function in util.c. Upstream patch: https://github.com/Perl/perl5/commi...
Perl Perl<5.26.3
Perl Perl>=5.28.0<5.28.1
Canonical Ubuntu Linux=12.04
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 35 more
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/fo...
Apache Tomcat>=7.0.23<=7.0.90
Apache Tomcat>=8.5.0<=8.5.33
Apache Tomcat>=9.0.1<=9.0.11
Apache Tomcat=9.0.0
Apache Tomcat=9.0.0-m1
Apache Tomcat=9.0.0-m10
and 87 more
dom4j could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods. By sending a specially-crafted XML content, an attacker could expl...
redhat/dom4j<2.0.3
redhat/dom4j<2.1.1
Dom4j Project Dom4j>=2.0.0<2.0.3
Dom4j Project Dom4j>=2.1.0<2.1.1
Debian Debian Linux=8.0
Oracle FLEXCUBE Investor Servicing=12.0.4
and 31 more
Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulne...
debian/jetty9
IBM Cognos Command Center<=10.2.4.1
redhat/jetty<9.3.24.
redhat/jetty<9.4.11.
Eclipse Jetty<=9.2.26
Eclipse Jetty>=9.3.0<9.3.24
and 25 more
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/...
Eclipse Jetty>=9.4.0<=9.4.8
Netapp E-series Santricity Management Plug-ins
NetApp E-Series SANtricity OS Controller>=11.0<=11.40
Netapp E-series Santricity Web Services Proxy
Netapp Element Software
Netapp Hyper Converged Infrastructure
and 6 more
Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length header. By sending a specially-crafted request, an attacker could exploit this vulne...
debian/jetty9
IBM Cognos Command Center<=10.2.4.1
redhat/jetty<9.2.25.
redhat/jetty<9.3.24.
redhat/jetty<9.4.11.
Eclipse Jetty<=9.2.26
and 28 more
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink an...
Apple macOS Mojave<10.14.4
Apple High Sierra
Apple Sierra
ubuntu/perl<5.26.2-6
ubuntu/perl<5.18.2-2ubuntu1.6
ubuntu/perl<5.22.1-9ubuntu0.5
and 19 more
