Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Snapmanager
(Netapp)| Repositories |
• https://github.com/madler/zlib
• https://github.com/dom4j/dom4j |
| #Vulnerabilities | 180 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-10-21 | CVE-2020-14779 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE,... | Debian_linux, Fedora, 7\-Mode_transition_tool, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Hci_storage_node, Oncommand_insight, Oncommand_unified_manager_core_package, Santricity_cloud_connector, Santricity_unified_manager, Snapmanager, Solidfire, Leap, Jdk, Jre | N/A | ||
| 2020-10-21 | CVE-2020-14792 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in... | Debian_linux, Epolicy_orchestrator, 7\-Mode_transition_tool, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Hci_management_node, Hci_storage_node, Oncommand_insight, Oncommand_unified_manager, Santricity_cloud_connector, Santricity_unified_manager, Snapmanager, Solidfire, Leap, Jdk, Jre | N/A | ||
| 2020-10-21 | CVE-2020-14796 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in... | Debian_linux, 7\-Mode_transition_tool, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Hci_management_node, Hci_storage_node, Oncommand_insight, Oncommand_unified_manager, Santricity_cloud_connector, Santricity_unified_manager, Snapmanager, Solidfire, Leap, Jdk, Jre | N/A | ||
| 2020-10-21 | CVE-2020-14797 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded... | Debian_linux, 7\-Mode_transition_tool, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Hci_management_node, Hci_storage_node, Oncommand_insight, Oncommand_unified_manager, Santricity_cloud_connector, Santricity_unified_manager, Snapmanager, Solidfire, Leap, Jdk, Jre | N/A | ||
| 2020-10-21 | CVE-2020-14798 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in... | Debian_linux, 7\-Mode_transition_tool, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Hci_management_node, Hci_storage_node, Oncommand_insight, Oncommand_unified_manager, Santricity_cloud_connector, Santricity_unified_manager, Snapmanager, Solidfire, Leap, Jdk, Jre | N/A | ||
| 2020-10-21 | CVE-2020-14803 | Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web... | Debian_linux, 7\-Mode_transition_tool, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Hci_management_node, Hci_storage_node, Oncommand_insight, Oncommand_unified_manager, Santricity_cloud_connector, Santricity_unified_manager, Snapmanager, Solidfire, Leap, Graalvm, Jdk, Jre | N/A | ||
| 2020-11-16 | CVE-2020-26217 | XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. | Activemq, Debian_linux, Snapmanager, Banking_cash_management, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_platform, Banking_supply_chain_finance, Banking_trade_finance_process_management, Banking_virtual_account_management, Business_activity_monitoring, Communications_policy_management, Endeca_information_discovery_studio, Retail_xstore_point_of_service, Xstream | 8.8 | ||
| 2021-01-14 | CVE-2021-23926 | The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0. | Xmlbeans, Debian_linux, Oncommand_unified_manager_core_package, Snap_creator_framework, Snapmanager, Middleware_common_libraries_and_tools, Peoplesoft_enterprise_peopletools | 9.1 | ||
| 2021-02-26 | CVE-2020-27223 | In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. | Nifi, Solr, Spark, Debian_linux, Jetty, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Element_plug\-In_for_vcenter_server, Hci, Hci_management_node, Management_services_for_element_software, Snap_creator_framework, Snapcenter, Snapmanager, Solidfire, Rest_data_services | 5.3 | ||
| 2021-05-19 | CVE-2021-3517 | There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. | Debian_linux, Fedora, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_h410c_firmware, Hci_management_node, Manageability_software_development_kit, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Santricity_unified_manager, Snapdrive, Snapmanager, Solidfire, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Mysql_workbench, Openjdk, Peoplesoft_enterprise_peopletools, Real_user_experience_insight, Zfs_storage_appliance_kit, Enterprise_linux, Jboss_core_services, Libxml2 | 8.6 |