11.40.5

DATE	CVE	VULNERABILITY TITLE	RISK
2021-04-01	CVE-2021-28165	Improper Handling of Exceptional Conditions vulnerability in multiple products In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. network low complexity eclipse oracle jenkins netapp CWE-755	7.5
2021-04-01	CVE-2021-28164	In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. network low complexity eclipse netapp oracle	5.3
2021-04-01	CVE-2021-28163	Link Following vulnerability in multiple products In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. network low complexity eclipse fedoraproject apache netapp oracle CWE-59	2.7
2021-02-26	CVE-2020-27223	Resource Exhaustion vulnerability in multiple products In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. network low complexity eclipse apache netapp debian oracle CWE-400	5.3
2021-02-02	CVE-2021-21285	Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. network low complexity docker debian netapp CWE-754	6.5
2021-02-02	CVE-2021-21284	Path Traversal vulnerability in multiple products In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. low complexity docker debian netapp CWE-22	2.7
2021-01-27	CVE-2021-3326	Reachable Assertion vulnerability in multiple products The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. network low complexity gnu netapp oracle fujitsu debian CWE-617	7.5
2020-12-08	CVE-2020-1971	NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. network high complexity openssl debian fedoraproject oracle netapp tenable siemens nodejs CWE-476	5.9
2020-12-04	CVE-2020-29562	Reachable Assertion vulnerability in multiple products The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. network high complexity gnu fedoraproject netapp CWE-617	4.8
2020-11-06	CVE-2020-8580	Unspecified vulnerability in Netapp E-Series Santricity OS Controller SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS). network low complexity netapp	5.0