Snapmanager

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-22	CVE-2019-10247	Information Exposure vulnerability in multiple products In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. network low complexity eclipse netapp oracle debian CWE-200	5.3
2019-04-22	CVE-2019-10246	Information Exposure vulnerability in multiple products In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. network low complexity eclipse netapp oracle CWE-200	5.3
2019-04-10	CVE-2019-11068	libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. network low complexity xmlsoft canonical debian fedoraproject oracle netapp opensuse critical	9.8
2019-02-04	CVE-2019-7317	Use After Free vulnerability in multiple products png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. network high complexity libpng debian canonical oracle hpe hp mozilla opensuse netapp redhat CWE-416	5.3
2019-01-16	CVE-2019-2449	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). network high complexity oracle redhat netapp	2.6
2019-01-16	CVE-2019-2426	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). network high complexity oracle netapp opensuse hp	3.7
2019-01-16	CVE-2019-2422	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). network high complexity oracle canonical netapp redhat debian opensuse hp	3.1
2018-08-20	CVE-2018-1000632	XML Injection (aka Blind XPath Injection) vulnerability in multiple products dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. network low complexity dom4j-project debian oracle redhat netapp CWE-91	7.5
2018-07-18	CVE-2018-2973	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). network oracle redhat netapp hp	4.3
2018-07-18	CVE-2018-2964	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). network high complexity oracle netapp	5.1