Vulnerabilities > Netapp > Cloud Manager > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-18 | CVE-2021-45105 | Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. | 5.9 |
2021-12-16 | CVE-2021-42550 | Deserialization of Untrusted Data vulnerability in multiple products In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. | 6.6 |
2021-08-06 | CVE-2021-26998 | Information Exposure Through Log Files vulnerability in Netapp Cloud Manager NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. | 4.3 |
2021-08-06 | CVE-2021-26999 | Information Exposure Through Log Files vulnerability in Netapp Cloud Manager NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. | 4.3 |
2021-06-08 | CVE-2021-31807 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. | 6.5 |
2021-05-27 | CVE-2021-31808 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. | 6.5 |
2021-05-27 | CVE-2021-31806 | Improper Encoding or Escaping of Output vulnerability in multiple products An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. | 6.5 |
2021-04-01 | CVE-2021-28164 | In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. | 5.3 |