Search Results (864 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-12099 3 Grafana, Netapp, Redhat 4 Grafana, Active Iq Performance Analytics Services, Storagegrid Webscale Nas Bridge and 1 more 2024-11-21 N/A
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links.
CVE-2018-1000873 4 Fasterxml, Netapp, Oracle and 1 more 7 Jackson-modules-java8, Active Iq Unified Manager, Clusterware and 4 more 2024-11-21 6.5 Medium
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CVE-2018-1000656 3 Netapp, Palletsprojects, Redhat 5 Active Iq, Hyper Converged Infrastructure, Ontap Select Deploy Utility and 2 more 2024-11-21 7.5 High
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.
CVE-2015-20107 4 Fedoraproject, Netapp, Python and 1 more 7 Fedora, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 4 more 2024-11-21 7.6 High
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9