U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 28 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2021-42550

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.

Published: December 16, 2021; 2:15:08 PM -0500
V3.1: 6.6 MEDIUM
V2.0: 8.5 HIGH
CVE-2021-20190

A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Published: January 19, 2021; 12:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 8.3 HIGH
CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

Published: January 06, 2021; 7:15:15 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.

Published: January 06, 2021; 7:15:14 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

Published: January 06, 2021; 7:15:14 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.

Published: January 06, 2021; 7:15:14 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36189

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.

Published: January 06, 2021; 6:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.

Published: January 06, 2021; 6:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.

Published: January 06, 2021; 6:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36186

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.

Published: January 06, 2021; 6:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.

Published: January 06, 2021; 6:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36184

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.

Published: January 06, 2021; 6:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.

Published: January 06, 2021; 6:15:12 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

Published: December 27, 2020; 12:15:11 AM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-35491

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.

Published: December 17, 2020; 2:15:14 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-35490

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

Published: December 17, 2020; 2:15:14 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Published: December 03, 2020; 12:15:12 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-25689

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.

Published: November 02, 2020; 4:15:27 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2020-25644

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.

Published: October 06, 2020; 10:15:12 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-8840

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.

Published: February 10, 2020; 4:56:10 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH