Latest netapp cloud manager Vulnerabilities

● CVE-2021-45105

Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability

redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el8ea

redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el7ea

redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el7

redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el8

debian/apache-log4j2

debian/apache-log4j2<=2.16.0-1~deb10u1<=2.16.0-1<=2.16.0-1~deb11u1

and 217 more

● CVE-2021-42550

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from ...

redhat/logback-classic<1.2.9

redhat/candlepin<0:4.1.13-1.el7

redhat/candlepin<0:4.1.13-1.el8

Qos Logback<=1.2.7

Qos Logback=1.3.0-alpha0

Qos Logback=1.3.0-alpha1

and 14 more

● CVE-2021-44228

Apache Log4j2 Remote Code Execution Vulnerability

debian/apache-log4j1.2

debian/apache-log4j2

debian/apache-log4j2<=2.13.3-1<=2.7-2<=2.11.1-2

Apple Xcode<13.3

Apache Log4j>=2.0.1<2.3.1

Apache Log4j>=2.4.0<2.12.2

and 429 more

● CVE-2021-27002

NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy.

NetApp Cloud Manager<3.9.10

● CVE-2021-31807

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The...

Squid-Cache Squid>=3.0<4.15

Squid-Cache Squid>=5.0<5.0.6

Squid-Cache Squid=2.5.stable2

Squid-Cache Squid=2.5.stable3

Squid-Cache Squid=2.5.stable4

Squid-Cache Squid=2.5.stable5

and 23 more

● CVE-2021-31808

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends ...

Squid-Cache Squid<4.15

Squid-Cache Squid>=5.0<5.0.6

Debian Debian Linux=9.0

Debian Debian Linux=10.0

NetApp Cloud Manager

Fedoraproject Fedora=33

and 2 more

● CVE-2021-31806

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range r...

Squid-Cache Squid<4.15

Squid-Cache Squid>=5.0<5.0.6

Debian Debian Linux=9.0

Debian Debian Linux=10.0

Fedoraproject Fedora=33

Fedoraproject Fedora=34

and 2 more

● CVE-2021-28651

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a smal...

debian/squid<=4.13-9<=4.6-1<=4.6-1+deb10u5

Squid-Cache Squid>=2.0<4.15

Squid-Cache Squid>=5.0<5.0.6

Debian Debian Linux=9.0

Debian Debian Linux=10.0

Fedoraproject Fedora=33

and 3 more

● CVE-2021-28163

Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sen...

redhat/rh-eclipse-jetty<0:9.4.40-1.1.el7_9

redhat/jenkins<0:2.277.3.1620393611-1.el8

redhat/runc<0:1.0.0-95.rhaos4.8.gitcd80260.el8

redhat/jetty<9.4.39

redhat/jetty<10.0.2

redhat/jetty<11.0.2

and 33 more

● CVE-2021-28165

### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU re...

maven/org.eclipse.jetty:jetty-server>=11.0.0<11.0.2

maven/org.eclipse.jetty:jetty-server>=10.0.0<10.0.2

maven/org.eclipse.jetty:jetty-server>=7.2.2<9.4.39

redhat/rh-eclipse-jetty<0:9.4.40-1.1.el7_9

redhat/jenkins<0:2.277.3.1620393611-1.el8

redhat/runc<0:1.0.0-95.rhaos4.8.gitcd80260.el8

and 29 more

● CVE-2021-28164

Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper input validation by the default compliance mode. By sending specially-crafted requests with URIs that co...

redhat/rh-eclipse-jetty<0:9.4.40-1.1.el7_9

redhat/jetty<9.4.39

Eclipse Jetty=9.4.37-20210219

Eclipse Jetty=9.4.38-20210224

NetApp Cloud Manager

Netapp E-series Performance Analyzer

and 16 more

● CVE-2021-26990

Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files.

NetApp Cloud Manager<3.9.4

● CVE-2021-26991

NetApp Cloud Manager<3.9.4

● CVE-2021-26992

Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS).

NetApp Cloud Manager<3.9.4

● CVE-2020-25097

An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbid...

debian/squid<=4.13-7<=4.6-1+deb10u4<=4.6-1<=4.13-5

Squid-Cache Squid>=2.0<4.14

Squid-Cache Squid>=5.0.1<5.0.5

Debian Debian Linux=10.0

Fedoraproject Fedora=32

Fedoraproject Fedora=33

and 9 more

● CVE-2021-23337

`lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

redhat/cockpit-ovirt<0:0.15.1-2.el8e

redhat/ovirt-engine-ui-extensions<0:1.2.6-1.el8e

redhat/ovirt-web-ui<0:1.6.9-1.el8e

Lodash Lodash<4.17.21

Oracle Banking Corporate Lending Process Management=14.2.0

Oracle Banking Corporate Lending Process Management=14.3.0

and 50 more

● CVE-2020-14058

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Ser...

Squid-Cache Squid>=3.1<=3.5.28

Squid-Cache Squid>=4.0<4.12

Squid-Cache Squid>=5.0<5.0.3

Fedoraproject Fedora=31

NetApp Cloud Manager

Latest netapp cloud manager Vulnerabilities

Company

Resources

Contact