Product:

Snapcenter

(Netapp)
Date Id Summary Products Score Patch Annotated
2023-10-12 CVE-2023-27313 SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user. Snapcenter 8.8
2023-10-12 CVE-2023-27316 SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed. Snapcenter 7.8
2021-01-13 CVE-2021-21252 The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3. Jquery_validation, Snapcenter 7.5
2021-03-31 CVE-2021-29662 The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. Data\:\:validate\:\:ip, Snapcenter 7.5
2022-07-07 CVE-2022-2048 In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. Debian_linux, Jetty, Jenkins, Element_plug\-In_for_vcenter_server, Hci_compute_node, Management_services_for_element_software_and_netapp_hci, Snapcenter, Solidfire_\&_hci_storage_node 7.5
2023-04-18 CVE-2023-21971 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable... Active_iq_unified_manager, Oncommand_insight, Snapcenter, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Mysql_connectors 5.3
2017-03-15 CVE-2016-7103 Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. Debian_linux, Fedora, Jquery_ui, Junos, Snapcenter, Application_express, Business_intelligence, Hospitality_cruise_fleet_management, Oss_support_tools, Primavera_unifier, Siebel_ui_framework, Weblogic_server, Openstack 6.1
2014-11-24 CVE-2010-5312 Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. Drill, Debian_linux, Drupal, Fedora, Jquery_ui, Snapcenter 6.1
2018-01-10 CVE-2017-17485 FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. Debian_linux, Jackson\-Databind, E\-Series_santricity_os_controller, E\-Series_santricity_web_services_proxy, Oncommand_shift, Snapcenter, Jboss_enterprise_application_platform, Openshift_container_platform 9.8
2018-07-18 CVE-2018-3067 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts).... Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Storage_automation_store, Mysql 4.9