Latest NetApp Management Services for Element Software and NetApp HCI Vulnerabilities

AES-SIV implementation ignores empty associated data entries
OpenSSL OpenSSL>=3.0.0<=3.0.9
OpenSSL OpenSSL>=3.1.0<=3.1.1
Netapp Management Services For Element Software And Netapp Hci
NetApp ONTAP Select Deploy administration utility
ubuntu/openssl<3.0.2-0ubuntu1.12
ubuntu/openssl<3.0.8-1ubuntu1.4
and 1 more
Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.
Jquery Jquery>=2.2.0<3.5.0
maven/org.webjars.npm:jquery>=1.0.3<3.5.0
npm/jquery>=1.0.3<3.5.0
rubygems/jquery-rails<4.4.0
nuget/jQuery>=1.0.3<3.5.0
Netapp Active Iq Unified Manager Linux
and 4 more
Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HttpURI class. By sending a specially-crafted request, an attacker could exploit this...
Eclipse Jetty<9.4.46
Eclipse Jetty>=10.0.0<10.0.9
Eclipse Jetty>=11.0.0<=11.0.9
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Netapp Element Plug-in For Vcenter Server
and 6 more
Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the...
redhat/jenkins<0:2.401.1.1686831596-3.el8
redhat/jenkins<0:2.361.1.1672840472-1.el8
redhat/jenkins<0:2.361.1.1675668150-1.el8
maven/org.eclipse.jetty.http2:http2-server>=11.0.0<11.0.10
maven/org.eclipse.jetty.http2:http2-server>=10.0.0<10.0.10
maven/org.eclipse.jetty.http2:http2-server<9.4.47
and 14 more
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
redhat/ovirt-dependencies<0:4.5.2-1.el8e
VMware Spring Framework>=5.2.0<=5.2.17
VMware Spring Framework>=5.3.0<=5.3.10
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vsphere
Netapp Active Iq Unified Manager Windows
and 6 more
Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protoc...
Redis Hiredis<1.0.1
Debian Debian Linux=9.0
Netapp Management Services For Element Software And Netapp Hci
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of servic...
redhat/redis<0:3.2.8-5.el7
redhat/rh-redis5-redis<0:5.0.5-3.el7
Redis Redis>=5.0.0<5.0.14
Redis Redis>=6.0.0<6.0.16
Redis Redis>=6.2.0<6.2.6
Fedoraproject Fedora=33
and 9 more
Apache Tomcat is vulnerable to a denial of service, caused by improper input validation of TLS packets. By sending a specially-crafted TLS packet, a remote attacker could exploit this vulnerability to...
redhat/jws5-tomcat<0:9.0.43-13.redhat_00013.1.el7
redhat/jws5-tomcat<0:9.0.43-13.redhat_00013.1.el8
ubuntu/tomcat9<9.0.16-3ubuntu0.18.04.2
ubuntu/tomcat9<9.0.31-1ubuntu0.2
redhat/tomcat<10.0.4
redhat/tomcat<9.0.44
and 17 more
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, ...
redhat/eap7-apache-cxf<0:3.3.12-1.redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.5.3-1.Final_redhat_00001.1.el6ea
redhat/eap7-jakarta-el<0:3.0.3-3.redhat_00007.1.el6ea
redhat/eap7-jboss-ejb-client<0:4.0.43-1.Final_redhat_00001.1.el6ea
redhat/eap7-jboss-server-migration<0:1.7.2-10.Final_redhat_00011.1.el6ea
redhat/eap7-jsoup<0:1.14.2-1.redhat_00002.1.el6ea
and 55 more
Python is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the AbstractBasicAuthHandler class in urllib. By persuading a victim to visit a specially-...
redhat/python3<0:3.6.8-39.el8_4
redhat/rh-python38-babel<0:2.7.0-12.el7
redhat/rh-python38-python<0:3.8.11-2.el7
redhat/rh-python38-python-cryptography<0:2.8-5.el7
redhat/rh-python38-python-jinja2<0:2.10.3-6.el7
redhat/rh-python38-python-lxml<0:4.4.1-7.el7
and 49 more
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Re...
Vmware Spring Boot<1.3.2
Netapp Element Plug-in For Vcenter Server
Netapp Management Services For Element Software And Netapp Hci<2.17.56
IBM Cloud Pak for Business Automation<=12.2
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This...
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.14-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.18-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.9.10-1.redhat_00003.1.el6ea
and 795 more
