VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Netapp
> Snap Creator Framework
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2020-11-28
CVE-2020-27218
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body.
network
high complexity
eclipse
netapp
oracle
apache
debian
4.8
4.8
2020-11-12
CVE-2020-13954
Cross-site Scripting vulnerability in multiple products
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses.
network
low complexity
apache
netapp
oracle
CWE-79
6.1
6.1
2020-10-23
CVE-2020-27216
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system.
local
high complexity
eclipse
netapp
oracle
apache
debian
7.0
7.0
2020-09-19
CVE-2020-5421
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
network
high complexity
vmware
oracle
netapp
6.5
6.5
2020-06-05
CVE-2020-12723
Classic Buffer Overflow vulnerability in multiple products
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
network
low complexity
perl
netapp
fedoraproject
opensuse
oracle
CWE-120
7.5
7.5
2020-06-05
CVE-2020-10878
Integer Overflow or Wraparound vulnerability in multiple products
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation.
network
low complexity
perl
fedoraproject
opensuse
netapp
oracle
CWE-190
8.6
8.6
2020-05-19
CVE-2020-7656
Cross-site Scripting vulnerability in multiple products
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method.
network
low complexity
jquery
oracle
netapp
juniper
CWE-79
6.1
6.1
2020-05-01
CVE-2020-10683
XXE vulnerability in multiple products
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks.
network
low complexity
dom4j-project
oracle
opensuse
netapp
canonical
CWE-611
critical
9.8
9.8
2020-04-29
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e.
network
low complexity
jquery
drupal
debian
fedoraproject
oracle
netapp
opensuse
tenable
6.1
6.1
2020-04-29
CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e.
network
low complexity
jquery
debian
fedoraproject
drupal
oracle
netapp
tenable
6.1
6.1
«
Previous
1
2
(current)
3
4
5
»
Next