Lucene search
K
NetappSnap Creator Framework

42 matches found

CVE
CVE
added 2020/04/29 12:0 a.m.7579 views

CVE-2020-11022

CVE-2020-11022 affects jQuery versions >=1.2 and =3.5.0 or apply vendor guidance where applicable.

6.9CVSS6.7AI score0.99019EPSS
In wild
CVE
CVE
added 2020/04/29 12:0 a.m.7200 views

CVE-2020-11023

The connected Astra Linux bulletin confirms CVE-2020-11023: in jQuery versions >= 1.0.3 and < 3.5.0, passing HTML containing elements from untrusted sources to DOM manipulation methods (e.g., .html(), .append()) may lead to untrusted code execution. Patch released in jQuery 3.5.0. Remediat...

6.9CVSS7.2AI score0.8383EPSS
In wild
CVE
CVE
added 2017/04/06 9:0 p.m.1047 views

CVE-2016-8735

CVE-2016-8735 is a remote code execution vulnerability in Apache Tomcat via JmxRemoteLifecycleListener. Affected are Tomcat releases before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12, when JMX ports are reachable. Root cause: JmxRemoteLifecycleListe...

9.8CVSS8AI score0.90338EPSS
In wild
CVE
CVE
added 2020/05/19 12:0 a.m.909 views

CVE-2020-7656

CVE-2020-7656 affects jQuery versions prior to 1.9.0. The vulnerability arises from the load method failing to strip certain ), enabling cross‑site scripting. Public materials describe PoC/exploitation and public advisories/patch guidance (e.g., upgrade to 1.9.0+). The CVE is documented with an o...

6.1CVSS4.9AI score0.06273EPSS
CVE
CVE
added 2022/03/11 12:0 a.m.873 views

CVE-2020-36518

CVE-2020-36518 affects jackson-databind prior to 2.13.0, enabling a Java StackOverflow and DoS via excessive nesting depth. In affected advisories, remediation is to upgrade jackson-databind to 2.13.0+ (examples show 2.13.x or newer such as 2.13.4.2 in Crowd/CWD references). Practical impact is d...

7.5CVSS7.4AI score0.0486EPSS
CVE
CVE
added 2018/10/04 1:0 p.m.750 views

CVE-2018-11784

CVE-2018-11784 affects Apache Tomcat: the default servlet could be tricked into generating redirects to arbitrary URIs when handling requests like /foo, enabling open redirect. Affected branches include 9.0.x (9.0.0.M1–9.0.11), 8.5.x (8.5.0–8.5.33), and 7.0.x (7.0.23–7.0.90). Root cause is how th...

4.3CVSS5.1AI score0.94494EPSS
CVE
CVE
added 2018/12/07 9:0 p.m.558 views

CVE-2018-18311

CVE-2018-18311 is a Perl vulnerability describing a buffer overflow caused by crafted regular expressions and an integer/offset issue in Perl’s environment setup (Perl before 5.26.3 and 5.28.x before 5.28.1). Connected advisories show multiple distributions releasing patches and updates to Perl p...

9.8CVSS9.6AI score0.11676EPSS
CVE
CVE
added 2021/06/09 1:55 a.m.521 views

CVE-2021-28169

CVE-2021-28169 affects Eclipse Jetty shipped with multiple versions (<= 9.4.40, <= 10.0.2,

5.3CVSS5.2AI score0.7848EPSS
In wild
CVE
CVE
added 2020/11/28 12:0 a.m.519 views

CVE-2020-27218

CVE-2020-27218 affects Eclipse Jetty 9.4.x (9.4.0.RC0–9.4.34.v20201102), 10.x (10.0.0.alpha0–beta2), and 11.x (11.0.0.alpha0–beta2). When GZIP request body inflation is enabled and requests from different clients are multiplexed on one connection, an attacker who can send a body that is received ...

5.8CVSS5.1AI score0.08113EPSS
CVE
CVE
added 2020/05/01 6:55 p.m.502 views

CVE-2020-10683

CVE-2020-10683 is described in IBM Bulletin sources as an XXE vulnerability in the dom4j library, allowing a remote authenticated attacker to obtain sensitive information through XML processing. The issue stems from dom4j handling External DTDs/Entities by default, and multiple IBM entries map th...

9.8CVSS9.2AI score0.07269EPSS
CVE
CVE
added 2018/08/20 7:0 p.m.476 views

CVE-2018-1000632

CVE-2018-1000632 affects dom4j prior to 2.1.1 with an XML Injection (CWE-91) in Element methods addElement/addAttribute. An attacker could tamper XML content via crafted attributes/elements. The issue is fixed in 2.1.1+, and IBM/IOC advisories indicate upgrading dom4j (e.g., to 2.1.4 in IOC) to a...

7.5CVSS7.8AI score0.0657EPSS
CVE
CVE
added 2020/06/05 2:20 p.m.472 views

CVE-2020-12723

CVE-2020-12723 : In Perl, regcomp.c allows a buffer overflow in the regex compiler due to crafted regular expressions, caused by recursive S_study_chunk calls. The issue affects Perl before 5.30.3, notably on 32‑bit platforms. Reports in Connected documents indicate fixes have been released (e.g....

7.5CVSS8.1AI score0.05971EPSS
CVE
CVE
added 2021/02/26 9:55 p.m.400 views

CVE-2020-27223

CVE-2020-27223 affects Eclipse Jetty 9.4.6.v20170531–9.4.36.v20210114, 10.0.0, and 11.0.0, where handling requests with multiple Accept headers and many quality (q) values can cause high CPU usage and a DoS. Public sources consistently describe CPU exhaustion as the impact. Remediation is to upgr...

5.3CVSS5.2AI score0.7795EPSS
CVE
CVE
added 2021/07/15 5:0 p.m.393 views

CVE-2021-34429

CVE-2021-34429 affects Eclipse Jetty: 9.4.37–9.4.42, 10.0.1–10.0.5, and 11.0.1–11.0.5. A vulnerability allows crafting certain encoded URIs to access WEB-INF content and bypass some security constraints, constituting a variation of CVE-2021-28164. Public references in connected docs describe this...

5.3CVSS5.4AI score0.99298EPSS
CVE
CVE
added 2021/06/22 2:45 p.m.387 views

CVE-2021-34428

CVE-2021-34428 affects Eclipse Jetty up to 9.4.40, 10.0.2, and 11.0.2. The root cause is an exception in SessionListener#sessionDestroyed() that prevents the session ID from being invalidated in the session ID manager, which in clustered deployments can leave a user session active on a shared mac...

3.6CVSS3.9AI score0.00963EPSS
In wild
CVE
CVE
added 2020/06/05 1:27 p.m.386 views

CVE-2020-10878

Perl before 5.30.3 contains an integer overflow in the regular expression compiler (related to PL_regkind[OP(n)] == NOTHING). A crafted regex can produce malformed bytecode with a possibility of instruction injection, as documented by multiple advisories and CVEs (e.g., CVE-2020-10878). Public re...

8.6CVSS8.8AI score0.04879EPSS
CVE
CVE
added 2021/10/28 3:22 p.m.370 views

CVE-2021-22096

CVE-2021-22096 affects Spring Framework versions 5.3.0–5.3.10, 5.2.0–5.2.17 and older unsupported versions. The issue allows a user to provide malicious input to cause the insertion of additional log entries. Connected Nessus/IBM entries describe a follow-up (CVE-2021-22060) that broadens input c...

4.3CVSS4.6AI score0.01268EPSS
CVE
CVE
added 2021/01/14 2:45 p.m.364 views

CVE-2021-23926

CVE-2021-23926 involves Apache XMLBeans up to 2.6.0, where XML parsers did not set necessary protections against malicious XML input, enabling an XML External Entity (XXE) attack and related.entity expansion concerns. The main impact cited is a potential denial of service or information disclosur...

9.1CVSS9.3AI score0.06215EPSS
CVE
CVE
added 2019/04/22 8:14 p.m.355 views

CVE-2019-10247

CVE-2019-10247 affects Eclipse Jetty when configured to list contexts in 404 responses. Jetty versions 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older disclose the fully qualified directory base resource location in the HTML output of a not-found Context, via the DefaultHandler...

5.3CVSS6AI score0.05782EPSS
CVE
CVE
added 2021/12/16 12:0 a.m.321 views

CVE-2021-42550

This CVE affects Logback 1.2.7 and earlier, where an attacker with write access to configuration files can craft a malicious configuration that loads and executes arbitrary code from LDAP servers. The impact is remote code execution with the attacker’s privileges on systems using vulnerable Logba...

8.5CVSS7AI score0.04439EPSS
CVE
CVE
added 2018/06/26 4:0 p.m.315 views

CVE-2017-7657

CVE-2017-7657 affects Eclipse Jetty: transfer-encoding chunk size parsing could overflow an integer, causing large chunks to be treated as smaller ones and enabling a fake pipelined request that bypasses intermediary authorization. Affected versions include Jetty 9.2.x and older, 9.3.x (all confi...

9.8CVSS9.1AI score0.16154EPSS
CVE
CVE
added 2018/06/07 1:0 p.m.308 views

CVE-2018-12015

CVE-2018-12015 affects the Archive::Tar module in Perl (up to 5.26.2). The vulnerability lets a crafted tar archive bypass directory-traversal protection and overwrite arbitrary files when a tar contains a symlink and a regular file with the same name. Affected advisories/archives confirm the iss...

7.5CVSS7.6AI score0.07343EPSS
CVE
CVE
added 2020/10/23 12:5 a.m.301 views

CVE-2020-27216

CVE-2020-27216 affects Eclipse Jetty in Unix-like environments across versions 1.0–9.4.32.v20200930, 10.0.0.alpha1–10.0.0.beta2, and 11.0.0.alpha1–11.0.0.beta2O. It describes a race condition where the system temporary directory is shared among users, allowing a collocated user to observe the cre...

7CVSS6.9AI score0.043EPSS
CVE
CVE
added 2022/04/14 8:5 p.m.296 views

CVE-2022-22968

CVE-2022-22968 affects Spring Framework where DataBinder’s disallowedFields patterns are case sensitive in versions 5.3.0–5.3.18, 5.2.0–5.2.20, and older unsupported releases. The issue means a field is not fully protected unless every first character (and nested path) is listed in both uppercase...

5.3CVSS5.4AI score0.05666EPSS
CVE
CVE
added 2020/09/19 3:45 a.m.289 views

CVE-2020-5421

CVE-2020-5421 affects Spring Framework releases across multiple lines (5.2.x to 5.0.x, 4.3.x and older). The issue arises from improper input handling of the jsessionid path parameter, which may bypass RFD Protection and weaken security controls. Affected products reference VMware Tanzu Spring Fr...

8.7CVSS7.2AI score0.10736EPSS
CVE
CVE
added 2017/08/10 4:0 p.m.283 views

CVE-2016-5018

CVE-2016-5018 affects multiple Tomcat branches (9.0.0.M1–M9, 8.5.0–8.5.4, 8.0.0.RC1–8.0.36, 7.0.0–7.0.70, 6.0.0–6.0.45). The vulnerability allows a malicious web application to bypass a configured SecurityManager via a Tomcat utility method that is accessible to web applications, enabling bypass ...

9.1CVSS8.3AI score0.10303EPSS
CVE
CVE
added 2018/12/07 9:0 p.m.264 views

CVE-2018-18313

Perl before 5.26.3 is affected by a buffer over-read triggered by crafted regular expressions, which can disclose sensitive data from process memory. Public sources (e.g., USN-3834-1, Debian/CVE trackers) confirm CVE-2018-18313 and list affected platforms, noting that upgrading to Perl 5.26.3 or ...

9.1CVSS8.9AI score0.09524EPSS
CVE
CVE
added 2018/12/05 10:0 p.m.227 views

CVE-2018-18312

Perl 5.26.3 and 5.28.0 before 5.28.1 are affected by CVE-2018-18312 due to a buffer overflow in handling crafted regular expressions (regcomp.c). The issue enables invalid writes when parsing certain regex patterns. Affected versions: Perl before 5.26.3 and 5.28.0 before 5.28.1. Fixes are availab...

9.8CVSS9.4AI score0.12093EPSS
CVE
CVE
added 2018/06/26 5:0 p.m.226 views

CVE-2017-7658

In CVE-2017-7658, Eclipse Jetty had a flaw in how it handles HTTP requests when multiple Content-Length headers are present or when a Content-Length header accompanies a chunked encoding header. This could allow a forged or pipelined request to bypass intermediary authorization if the shorter len...

9.8CVSS9.2AI score0.20985EPSS
CVE
CVE
added 2018/12/07 9:0 p.m.222 views

CVE-2018-18314

CVE-2018-18314 affects Perl before 5.26.3, with a buffer overflow triggered by a crafted regular expression that leads to invalid write operations during compilation. Connected sources corroborate the issue and mention related details, including a root cause in regcomp.c (S_regatom) and potential...

9.8CVSS9.4AI score0.0606EPSS
CVE
CVE
added 2017/08/10 10:0 p.m.219 views

CVE-2016-6797

CVE-2016-6797 stems from Apache Tomcat’s ResourceLinkFactory not restricting web app access to global JNDI resources, allowing a web application to access any global JNDI resource regardless of explicit ResourceLink. Affects Tomcat 6.x/7.x/8.x/9.x releases listed in the entry (various 6.0–9.0 lin...

7.5CVSS8.4AI score0.0807EPSS
CVE
CVE
added 2017/08/10 4:0 p.m.210 views

CVE-2016-0762

CVE-2016-0762 affects Apache Tomcat realms across multiple branches (Tomcat 9.0.x, 8.5.x, 8.0.x, 7.0.x, 6.0.x). The root cause: Realm implementations did not process the supplied password when the username did not exist, enabling a timing attack to determine valid usernames. The default LockOutRe...

5.9CVSS7.3AI score0.07991EPSS
CVE
CVE
added 2017/08/10 4:0 p.m.200 views

CVE-2016-6794

CVE-2016-6794 affects Apache Tomcat across multiple branches (7.x, 8.x, 9.x) and versions, where the system property replacement feature for configuration files can bypass a configured SecurityManager to read restricted system properties. Connected advisories show concrete impact and suggested fi...

5.3CVSS7AI score0.07152EPSS
CVE
CVE
added 2017/08/11 2:0 a.m.184 views

CVE-2016-6796

CVE-2016-6796 affects Apache Tomcat across multiple lines: a malicious web application could bypass the SecurityManager by manipulating the configuration parameters for the JSP Servlet. Affected versions include Tomcat 9.0.0.M1–9.0.0.M9, 8.5.0–8.5.4, 8.0.0.RC1–8.0.36, 7.0.0–7.0.70, and 6.0.0–6.0....

7.5CVSS8.4AI score0.08321EPSS
CVE
CVE
added 2020/11/12 12:45 p.m.168 views

CVE-2020-13954

CVE-2020-13954 is an Apache CXF cross-site scripting (XSS) vulnerability exposed via the /services listing page. The issue arises from improper validation of user-supplied input through styleSheetPath, enabling an attacker to inject script when the URL is visited. Public documentation in the init...

6.1CVSS6.4AI score0.42993EPSS
CVE
CVE
added 2018/06/22 7:0 p.m.142 views

CVE-2018-12538

CVE-2018-12538 affects Eclipse Jetty 9.4.0–9.4.8 when using the FileSessionDataStore for HttpSession persistence. A malicious user could hijack or delete other users’ sessions via the FileSystem storage, due to a flaw in the FileSessionDataStore. Remediation noted in public advisories: upgrade Je...

8.8CVSS8.4AI score0.02689EPSS
CVE
CVE
added 2019/04/22 8:14 p.m.128 views

CVE-2019-10246

CVE-2019-10246 is described in connected IBM security bulletins as an Eclipse Jetty vulnerability where a server configured to Listing directory contents could expose the fully-qualified Base Resource directory name to remote clients, potentially revealing sensitive information. IBM Cognos Analyt...

5.3CVSS5.6AI score0.04016EPSS
CVE
CVE
added 2016/09/21 1:0 a.m.119 views

CVE-2015-8960

The CVE-2015-8960 entry concerns TLS protocol versions 1.2 and earlier. The root cause is that certain ClientCertificateType values (rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, ecdsa_fixed_ecdh) are supported but the protocol does not document the ability to compute the master secret in scenarios...

8.1CVSS7.8AI score0.01947EPSS
CVE
CVE
added 2021/01/25 9:25 a.m.86 views

CVE-2021-23901

The CVE-2021-23901 issue affects Apache Nutch DmozParser prior to 1.18, where an XML External Entity (XXE) injection was exploitable due to improper XML processing. Affected component: DmozParser in Nutch versions

9.1CVSS9AI score0.04359EPSS
CVE
CVE
added 2017/02/07 5:0 p.m.54 views

CVE-2016-5372

NetApp Snap Creator Framework CVE-2016-5372 is a CSRF vulnerability affecting versions prior to 4.3.0P1. A remote attacker could hijack user authentication and, per CNVD details, perform unauthorized operations and gain privileges for affected applications via unknown vectors. Mitigation: upgrade...

6.8CVSS6.9AI score0.00532EPSS
CVE
CVE
added 2020/02/10 11:19 p.m.52 views

CVE-2016-5710

The CVE-2016-5710 entry affects NetApp Snap Creator Framework prior to 4.3P1. It describes a clickjacking vulnerability that can be triggered by remote authenticated users via unspecified vectors. Exploitation details are not provided in the supplied documents. The issue appears resolved by upgra...

4.6CVSS4.4AI score0.00709EPSS
CVE
CVE
added 2016/12/21 10:0 p.m.45 views

CVE-2016-7172

CVE-2016-7172 affects NetApp Snap Creator Framework prior to version 4.3.1, where an information disclosure vulnerability allows unauthorized viewing of sensitive data. The issue is tied to NetApp Snap Creator Framework and is documented across multiple sources (NVD/CNVD/etc.) with consistent pro...

7.5CVSS7.3AI score0.01717EPSS