Vulnerabilities > Netapp > Snapmanager

DATE CVE VULNERABILITY TITLE RISK
2019-04-22 CVE-2019-10247 Information Exposure vulnerability in multiple products
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path.
network
low complexity
eclipse netapp oracle debian CWE-200
5.3
2019-04-22 CVE-2019-10246 Information Exposure vulnerability in multiple products
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents.
network
low complexity
eclipse netapp oracle CWE-200
5.3
2019-04-10 CVE-2019-11068 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code.
network
low complexity
xmlsoft canonical debian fedoraproject oracle netapp opensuse
critical
9.8
2019-02-04 CVE-2019-7317 Use After Free vulnerability in multiple products
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
5.3
2019-01-16 CVE-2019-2449 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment).
network
high complexity
oracle redhat netapp
2.6
2019-01-16 CVE-2019-2426 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking).
network
high complexity
oracle netapp opensuse hp
3.7
2019-01-16 CVE-2019-2422 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries).
network
high complexity
oracle canonical netapp redhat debian opensuse hp
3.1
2018-08-20 CVE-2018-1000632 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element.
network
low complexity
dom4j-project debian oracle redhat netapp CWE-91
7.5
2018-07-18 CVE-2018-2973 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). 4.3
2018-07-18 CVE-2018-2964 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment).
network
high complexity
oracle netapp
5.1