Vulnerabilities > Netapp > HCI Management Node > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-02-26 CVE-2020-27223 Resource Exhaustion vulnerability in multiple products
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e.
network
low complexity
eclipse apache netapp debian oracle CWE-400
5.3
2020-12-09 CVE-2020-16599 NULL Pointer Dereference vulnerability in multiple products
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
local
low complexity
gnu netapp CWE-476
5.5
2020-12-08 CVE-2020-1971 NULL Pointer Dereference vulnerability in multiple products
The X.509 GeneralName type is a generic type for representing different types of names.
5.9
2020-10-21 CVE-2020-14803 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries).
network
low complexity
oracle netapp debian opensuse
5.0
2020-10-21 CVE-2020-14797 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). 4.3
2020-10-21 CVE-2020-14792 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). 5.8
2020-10-21 CVE-2020-14781 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). 4.3
2020-06-29 CVE-2020-14145 Information Exposure Through Discrepancy vulnerability in multiple products
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation.
4.3
2020-06-12 CVE-2020-10732 Use of Uninitialized Resource vulnerability in multiple products
A flaw was found in the Linux kernel's implementation of Userspace core dumps.
local
low complexity
linux opensuse canonical netapp CWE-908
4.4
2020-06-04 CVE-2020-13817 Use of Insufficiently Random Values vulnerability in multiple products
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets.
5.8