
NetApp Snap Creator Framework

42 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2022-22968
all versions
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on
5.3 MEDIUM
CVE-2020-36518
all versions
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
7.5 HIGH
CVE-2021-42550
all versions
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a m
6.6 MEDIUM
CVE-2021-22096
all versions
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide
4.3 MEDIUM
CVE-2021-34429
all versions
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to acce
5.3 MEDIUM
CVE-2021-34428
all versions
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed()
2.9 LOW
CVE-2021-28169
all versions
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded
5.3 MEDIUM
CVE-2020-27223
all versions
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multi
5.2 MEDIUM
CVE-2021-23901
all versions
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions
9.1 CRITICAL
CVE-2021-23926
all versions
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML inpu
9.1 CRITICAL
CVE-2020-27218
all versions
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP
4.8 MEDIUM
CVE-2020-13954
all versions
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage i
6.1 MEDIUM
CVE-2020-27216
all versions
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Uni
7.0 HIGH
CVE-2020-5421
all versions
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the pr
6.5 MEDIUM
CVE-2020-12723
all versions
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls
7.5 HIGH
CVE-2020-10878
all versions
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular
8.6 HIGH
CVE-2020-7656
all versions
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<scr
6.1 MEDIUM
CVE-2020-10683
all versions
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. H
9.8 CRITICAL
CVE-2020-11022
all versions
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery
6.9 MEDIUM
CVE-2020-11023
all versions
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sourc
6.9 MEDIUM
CVE-2016-5710
< 4.3.1
NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vecto
4.6 MEDIUM
CVE-2019-10247
all versions
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jett
5.3 MEDIUM
CVE-2019-10246
all versions
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualifie
5.3 MEDIUM
CVE-2018-18314
all versions
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
9.8 CRITICAL
CVE-2018-18313
all versions
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from
9.1 CRITICAL
CVE-2018-18311
all versions
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write ope
9.8 CRITICAL
CVE-2018-18312
all versions
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write ope
9.8 CRITICAL
CVE-2018-11784
all versions
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to
4.3 MEDIUM
CVE-2018-1000632
all versions
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAtt
7.5 HIGH
CVE-2017-7658
all versions
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations
9.8 CRITICAL
CVE-2017-7657
< 4.3.3
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 complian
9.8 CRITICAL
CVE-2018-12538
all versions
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage
8.8 HIGH
CVE-2018-12015
all versions
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and
7.5 HIGH
CVE-2016-6796
all versions
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 an
7.5 HIGH
CVE-2016-6797
all versions
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70
7.5 HIGH
CVE-2016-6794
all versions
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityMa
5.3 MEDIUM
CVE-2016-5018
all versions
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web ap
9.1 CRITICAL
CVE-2016-0762
all versions
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and
5.9 MEDIUM
CVE-2016-8735
all versions
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and
9.8 CRITICAL
CVE-2016-5372
<= 4.3.0
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack
6.3 MEDIUM
CVE-2016-7172
<= 4.3.0
NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user.
7.5 HIGH
CVE-2015-8960
all versions
The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCe
8.1 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin