Vulnerabilities > Netapp > Snapmanager

DATE CVE VULNERABILITY TITLE RISK
2021-08-23 CVE-2021-39149 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
8.5
2021-08-23 CVE-2021-39151 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
8.5
2021-08-23 CVE-2021-39153 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
8.5
2021-08-23 CVE-2021-39154 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
8.5
2021-06-22 CVE-2021-34428 Insufficient Session Expiration vulnerability in multiple products
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager.
3.5
2021-06-02 CVE-2021-3522 Out-of-bounds Read vulnerability in multiple products
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
local
low complexity
gstreamer-project netapp oracle CWE-125
5.5
2021-05-28 CVE-2021-29505 Deserialization of Untrusted Data vulnerability in multiple products
XStream is software for serializing Java objects to XML and back again.
8.8
2021-05-19 CVE-2021-3517 Out-of-bounds Write vulnerability in multiple products
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11.
8.6
2021-02-26 CVE-2020-27223 Resource Exhaustion vulnerability in multiple products
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e.
network
low complexity
eclipse apache netapp debian oracle CWE-400
5.3
2021-01-14 CVE-2021-23926 XML Entity Expansion vulnerability in multiple products
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input.
network
low complexity
apache netapp debian oracle CWE-776
critical
9.1