Latest netapp snapmanager sap Vulnerabilities

CVE-2022-22968
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively...
redhat/Spring Framework<5.3.19
redhat/Spring Framework<5.2.21
maven/org.springframework:spring-context<5.2.21
maven/org.springframework:spring-context>=5.3.0<5.3.19
VMware Spring Framework<5.2.0
VMware Spring Framework>=5.2.0<=5.2.20
and 10 more
CVE-2022-21349
An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vec...
Oracle GraalVM=20.3.4
Oracle GraalVM=21.3.0
Oracle JDK=1.7.0-update321
Oracle JDK=1.8.0-update311
Oracle JRE=1.7.0-update321
Oracle JRE=1.8.0-update311
and 130 more
CVE-2022-21271
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13;...
Oracle GraalVM=20.3.4
Oracle GraalVM=21.3.0
Oracle HTTP Server=12.2.1.3.0
Oracle HTTP Server=12.2.1.4.0
Oracle JDK=1.7.0-update321
Oracle JDK=1.8.0-update311
and 21 more
CVE-2022-21291
A flaw was found in the way the Hotspot component of OpenJDK processed classes with _fields that needed to be written to in Rewriter::scan_method(). A specially-crafted Java class file could use this ...
redhat/java<11-openjdk-1:11.0.14.0.9-1.el7_9
redhat/java<17-openjdk-1:17.0.2.0.8-4.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-1.el8_1
redhat/java<11-openjdk-1:11.0.14.0.9-1.el8_2
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_4
and 37 more
CVE-2022-21366
A flaw was found in the way the TIFFFaxDecompressor, TIFFLZWDecompressor, and TIFFPackBitsDecompressor classes implementations in the ImageIO component of OpenJDK handled memory allocations when proce...
redhat/java<11-openjdk-1:11.0.14.0.9-1.el7_9
redhat/java<17-openjdk-1:17.0.2.0.8-4.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-1.el8_1
redhat/java<11-openjdk-1:11.0.14.0.9-1.el8_2
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_4
and 32 more
CVE-2022-21340
A flaw was found in the way the Attributes class in the Libraries component of OpenJDK performed reading of attributes with very long values from JAR file manifests. A specially-crafted JAR archive co...
redhat/java<11-openjdk-1:11.0.14.0.9-1.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.322.b06-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.7.5-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.5.5-1jpp.1.el7
redhat/java<17-openjdk-1:17.0.2.0.8-4.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_5
and 163 more
CVE-2022-23302
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service...
redhat/log4j<0:1.2.14-6.6.el6_10
redhat/log4j<0:1.2.17-18.el7_4
redhat/log4j<0:1.2.17-17.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 194 more
CVE-2022-21305
A flaw was found in the way the Hotspot component of OpenJDK handled array indexes on 64-bit x86 platform. A large index could trigger a displacement overflow in LIRGenerator::emit_array_address, poss...
redhat/java<11-openjdk-1:11.0.14.0.9-1.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.322.b06-1.el7_9
redhat/java<17-openjdk-1:17.0.2.0.8-4.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_5
redhat/java<1.8.0-openjdk-1:1.8.0.322.b06-2.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-1.el8_1
and 160 more
CVE-2022-21248
An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability imp...
redhat/java<11-openjdk-1:11.0.14.0.9-1.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.322.b06-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.7.5-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.5.5-1jpp.1.el7
redhat/java<17-openjdk-1:17.0.2.0.8-4.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_5
and 165 more
CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely...
redhat/log4j<0:1.2.14-6.6.el6_10
redhat/log4j<0:1.2.17-18.el7_4
redhat/log4j<0:1.2.17-17.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 196 more
CVE-2022-21341
An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown...
redhat/java<11-openjdk-1:11.0.14.0.9-1.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.322.b06-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.7.5-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.5.5-1jpp.1.el7
redhat/java<17-openjdk-1:17.0.2.0.8-4.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_5
and 163 more
CVE-2022-21365
An integer overflow flaw was found in the fix applied to the BMPImageReader class implementation in the ImageIO component of OpenJDK to address the <a href="https://access.redhat.com/security/cve/CVE-...
redhat/java<11-openjdk-1:11.0.14.0.9-1.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.322.b06-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.7.5-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.5.5-1jpp.1.el7
redhat/java<17-openjdk-1:17.0.2.0.8-4.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_5
and 163 more
CVE-2022-21360
A flaw was found in the way the BMPImageReader class implementation in the ImageIO component of OpenJDK preformed memory allocations when reading palette information from BMP images. A specially-craft...
redhat/java<11-openjdk-1:11.0.14.0.9-1.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.322.b06-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.7.5-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.5.5-1jpp.1.el7
redhat/java<17-openjdk-1:17.0.2.0.8-4.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_5
and 163 more
CVE-2022-21277
A flaw was found in the way the TIFFNullDecompressor class implementation in the ImageIO component of OpenJDK performed reading of uncompressed TIFF files. A specially-crafted TIFF image could cause t...
redhat/java<11-openjdk-1:11.0.14.0.9-1.el7_9
redhat/java<17-openjdk-1:17.0.2.0.8-4.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-1.el8_1
redhat/java<11-openjdk-1:11.0.14.0.9-1.el8_2
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_4
and 32 more
CVE-2022-21299
A flaw was found in the way the XMLEntityScanner and XML11EntityScanner classes in the JAXP component of OpenJDK handled and normalized newlines in XML entities. A specially-crafted XML document could...
redhat/java<11-openjdk-1:11.0.14.0.9-1.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.322.b06-1.el7_9
redhat/java<1.7.1-ibm-1:1.7.1.5.10-1jpp.1.el7
redhat/java<17-openjdk-1:17.0.2.0.8-4.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_5
redhat/java<1.8.0-openjdk-1:1.8.0.322.b06-2.el8_5
and 166 more
CVE-2022-21296
It was discovered that the XMLEntityManager class implementation in the JAXP component of OpenJDK did not properly perform access checks. A Java application using SAX XML parser in certain configurati...
redhat/java<11-openjdk-1:11.0.14.0.9-1.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.322.b06-1.el7_9
redhat/java<17-openjdk-1:17.0.2.0.8-4.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_5
redhat/java<1.8.0-openjdk-1:1.8.0.322.b06-2.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-1.el8_1
and 160 more
CVE-2022-21282
It was discovered that the TransformerImpl class implementation in the JAXP component of OpenJDK did not properly check access restrictions when performing URI resolution. This could possibly lead to ...
redhat/java<11-openjdk-1:11.0.14.0.9-1.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.322.b06-1.el7_9
redhat/java<17-openjdk-1:17.0.2.0.8-4.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_5
redhat/java<1.8.0-openjdk-1:1.8.0.322.b06-2.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-1.el8_1
and 160 more
CVE-2022-21294
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown att...
redhat/java<11-openjdk-1:11.0.14.0.9-1.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.322.b06-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.7.5-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.5.5-1jpp.1.el7
redhat/java<17-openjdk-1:17.0.2.0.8-4.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_5
and 163 more
CVE-2022-21293
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown att...
redhat/java<11-openjdk-1:11.0.14.0.9-1.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.322.b06-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.7.5-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.5.5-1jpp.1.el7
redhat/java<17-openjdk-1:17.0.2.0.8-4.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_5
and 164 more
CVE-2022-21283
A flaw was found in the Pattern class implementation in the Libraries component of OpenJDK. A specially crated input could cause the Pattern class to raise an unexpected exception while performing reg...
redhat/java<11-openjdk-1:11.0.14.0.9-1.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.322.b06-1.el7_9
redhat/java<17-openjdk-1:17.0.2.0.8-4.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-2.el8_5
redhat/java<1.8.0-openjdk-1:1.8.0.322.b06-2.el8_5
redhat/java<11-openjdk-1:11.0.14.0.9-1.el8_1
and 157 more
CVE-2021-35578
A flaw was found in the SSL logger implementation in the JSSE component of OpenJDK. A malicious client could cause a Java application acting as TLS server to raise an unexpected exception during TLS ...
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el7_9
redhat/java<11-openjdk-1:11.0.13.0.8-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.7.0-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.13.0.8-1.el8_4
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el8_4
redhat/java<17-openjdk-1:17.0.1.0.12-2.el8_5
and 34 more
CVE-2021-35550
An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown a...
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el7_9
redhat/java<11-openjdk-1:11.0.13.0.8-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.7.5-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.5.5-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.13.0.8-1.el8_4
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el8_4
and 32 more
CVE-2021-35588
A flaw was found in the way the ClassFileParser class implementation in the Hotspot component of OpenJDK performed validation of inner class index values. A specially-crafted class file could cause a...
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el8_4
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el8_1
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el8_2
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
and 21 more
CVE-2021-35567
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM E...
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el7_9
redhat/java<11-openjdk-1:11.0.13.0.8-1.el7_9
redhat/java<11-openjdk-1:11.0.13.0.8-1.el8_4
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el8_4
redhat/java<17-openjdk-1:17.0.1.0.12-2.el8_5
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el8_1
and 29 more
CVE-2021-35603
An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown at...
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el7_9
redhat/java<11-openjdk-1:11.0.13.0.8-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.7.5-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.5.5-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.13.0.8-1.el8_4
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el8_4
and 36 more
CVE-2021-35586
A flaw was found in the way the BMPImageReader class implementation in the ImageIO component of OpenJDK handled memory allocations when processing uncompressed BMP images. A specially-crafted BMP ima...
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el7_9
redhat/java<11-openjdk-1:11.0.13.0.8-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.7.0-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.5.0-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.13.0.8-1.el8_4
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el8_4
and 36 more
CVE-2021-35564
An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el7_9
redhat/java<11-openjdk-1:11.0.13.0.8-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.7.0-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.5.0-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.13.0.8-1.el8_4
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el8_4
and 36 more
CVE-2021-35561
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle Graa...
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el7_9
redhat/java<11-openjdk-1:11.0.13.0.8-1.el7_9
redhat/java<1.7.1-ibm-1:1.7.1.5.10-1jpp.1.el7
redhat/java<1.8.0-ibm-1:1.8.0.7.10-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.13.0.8-1.el8_4
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el8_4
and 33 more
CVE-2021-35559
A flaw was found in the way the RTFReader class implementation in the Swing component of OpenJDK handled style keyword parameters. A specially crafted Rich Text Format (RTF) file could cause a Java a...
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el7_9
redhat/java<11-openjdk-1:11.0.13.0.8-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.7.0-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.5.0-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.13.0.8-1.el8_4
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el8_4
and 36 more
CVE-2021-35556
An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack ...
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el7_9
redhat/java<11-openjdk-1:11.0.13.0.8-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.7.0-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.5.0-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.13.0.8-1.el8_4
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el8_4
and 36 more
CVE-2021-35565
An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack v...
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el7_9
redhat/java<11-openjdk-1:11.0.13.0.8-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.7.0-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.5.0-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.13.0.8-1.el8_4
redhat/java<1.8.0-openjdk-1:1.8.0.312.b07-1.el8_4
and 33 more
CVE-2021-39139
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 33 more
CVE-2021-39147
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
CVE-2021-39149
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
CVE-2021-39145
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 33 more
CVE-2021-39154
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
CVE-2021-39146
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
CVE-2021-39148
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
CVE-2021-39144
XStream Remote Code Execution Vulnerability
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
XStream XStream
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
and 34 more
CVE-2021-39151
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
CVE-2021-39152
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicl...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
CVE-2021-39140
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on ...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 33 more
CVE-2021-39150
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicl...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
CVE-2021-39141
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 33 more
CVE-2021-39153
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 27 more
CVE-2021-34428
Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() me...
redhat/jenkins<0:2.289.3.1630554997-1.el8
IBM Cognos Command Center<=10.2.4.1
debian/jetty9
redhat/jetty<9.4.41
redhat/jetty<10.0.3
redhat/jetty<11.0.3
and 19 more
CVE-2021-3522
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
Gstreamer Project Gstreamer<1.18.4
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
NetApp E-Series SANtricity OS Controller>=11.0.0<=11.70.1
Netapp E-series Santricity Storage Manager
Netapp E-series Santricity Web Services Web Services Proxy
and 8 more
CVE-2021-29505
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the...
redhat/xstream<0:1.3.1-14.el7_9
debian/libxstream-java
redhat/xstream<1.4.17
Xstream Project Xstream<1.4.17
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 37 more
CVE-2021-3517
A heap-based buffer overflow was found in libxml2 when processing truncated UTF-8 input. Reference: <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/235">https://gitlab.gnome.org/GNOME/libxml...
rubygems/nokogiri<1.11.4
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8
and 46 more
CVE-2020-27223
Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-craf...
redhat/jenkins<0:2.289.1.1624365627-1.el7
redhat/jenkins<0:2.277.3.1623846768-1.el7
redhat/jenkins<0:2.277.3.1623853726-1.el8
debian/jetty9
redhat/jetty-9.4.37.v20210219 jetty-10.0.1 jetty<11.0.1
IBM Secure Proxy<=6.0.2
and 25 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203