Netapp

Snapmanager

180 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.5

CVE-2021-39148

Exploit
  • EPSS 0.57%
  • Veröffentlicht 23.08.2021 18:15:12
  • Zuletzt bearbeitet 23.05.2025 16:48:30

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...

8.5

CVE-2021-39149

Exploit
  • EPSS 0.68%
  • Veröffentlicht 23.08.2021 18:15:12
  • Zuletzt bearbeitet 23.05.2025 16:50:01

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...

8.5

CVE-2021-39151

Exploit
  • EPSS 0.68%
  • Veröffentlicht 23.08.2021 18:15:12
  • Zuletzt bearbeitet 23.05.2025 16:49:36

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...

8.8

CVE-2021-39139

  • EPSS 0.8%
  • Veröffentlicht 23.08.2021 18:15:10
  • Zuletzt bearbeitet 23.05.2025 16:52:49

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user ...

3.6

CVE-2021-34428

  • EPSS 0.51%
  • Veröffentlicht 22.06.2021 15:15:16
  • Zuletzt bearbeitet 21.11.2024 06:10:23

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and mul...

5.5

CVE-2021-3522

  • EPSS 0.11%
  • Veröffentlicht 02.06.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:45

GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.

8.8

CVE-2021-29505

  • EPSS 90.77%
  • Veröffentlicht 28.05.2021 21:15:08
  • Zuletzt bearbeitet 30.05.2025 00:15:20

XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input str...

8.6

CVE-2021-3517

  • EPSS 0.09%
  • Veröffentlicht 19.05.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:44

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-o...

5.3

CVE-2020-27223

  • EPSS 33.82%
  • Veröffentlicht 26.02.2021 22:15:19
  • Zuletzt bearbeitet 20.08.2025 10:15:27

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) ...

9.1

CVE-2021-23926

  • EPSS 0.32%
  • Veröffentlicht 14.01.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:52:03

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.