E Series Santricity OS Controller

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-20	CVE-2021-35567	Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). network low complexity oracle netapp debian fedoraproject	6.8
2021-10-20	CVE-2021-35578	Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). network low complexity oracle netapp debian fedoraproject	5.3
2021-10-20	CVE-2021-35586	Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). network low complexity oracle netapp fedoraproject debian	5.3
2021-10-20	CVE-2021-35588	Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). network high complexity oracle netapp fedoraproject debian	3.1
2021-08-24	CVE-2021-3711	Classic Buffer Overflow vulnerability in multiple products In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). network low complexity openssl debian netapp oracle tenable CWE-120 critical	9.8
2021-08-24	CVE-2021-3712	Out-of-bounds Read vulnerability in multiple products ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. network high complexity openssl debian netapp mcafee tenable oracle siemens CWE-125	7.4
2021-07-22	CVE-2021-35942	Integer Overflow or Wraparound vulnerability in multiple products The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. network low complexity gnu netapp debian CWE-190 critical	9.1
2021-07-15	CVE-2021-34429	For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. network low complexity eclipse netapp oracle	5.3
2021-06-22	CVE-2021-34428	Insufficient Session Expiration vulnerability in multiple products For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. low complexity eclipse debian netapp oracle CWE-613	3.5
2021-06-11	CVE-2021-26993	Unspecified vulnerability in Netapp E-Series Santricity OS Controller E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial of Service (DoS) to the web server. network low complexity netapp	5.0