This CPE summary could be partial or incomplete. Please contact us for a detailed listing.


Vendor Netapp First view 2018-05-16
Product Snapmanager Last view 2020-11-16
Version * Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software sap  
Target Hardware *  
Other *  
CPE Product cpe:2.3:a:netapp:snapmanager

Activity : Overall

Related : CVE

  Date Alert Description
8.8 2020-11-16 CVE-2020-26217

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

5.5 2019-10-09 CVE-2019-5507

SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information.

9.8 2018-06-26 CVE-2017-7657

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

6.5 2018-05-16 CVE-2018-11212

An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.

CWE : Common Weakness Enumeration

25% (1) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
25% (1) CWE-369 Divide By Zero
25% (1) CWE-190 Integer Overflow or Wraparound
25% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-48b73ed393.nasl - Type: ACT_GATHER_INFO
2018-08-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4278.nasl - Type: ACT_GATHER_INFO
2018-07-13 Name: The remote Fedora host is missing a security update.
File: fedora_2018-93a507fd0f.nasl - Type: ACT_GATHER_INFO