Vulnerabilities > Netapp > Management Services FOR Element Software AND Netapp HCI

DATE CVE VULNERABILITY TITLE RISK
2023-07-14 CVE-2023-2975 Improper Authentication vulnerability in multiple products
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation.
network
low complexity
openssl netapp CWE-287
5.3
5.3
2022-07-07 CVE-2022-2047 Improper Input Validation vulnerability in multiple products
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname.
network
low complexity
eclipse debian netapp CWE-20
2.7
2.7
2022-07-07 CVE-2022-2048 In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources.
network
low complexity
eclipse debian netapp jenkins
7.5
7.5
2022-03-10 CVE-2021-3733 Resource Exhaustion vulnerability in multiple products
There's a flaw in urllib's AbstractBasicAuthHandler class.
network
low complexity
python redhat fedoraproject netapp CWE-400
6.5
6.5
2021-10-28 CVE-2021-22096 In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
network
low complexity
vmware netapp oracle
4.3
4.3
2021-10-04 CVE-2021-32765 Integer Overflow or Wraparound vulnerability in multiple products
Hiredis is a minimalistic C client library for the Redis database.
network
low complexity
redis debian netapp CWE-190
8.8
8.8
2021-10-04 CVE-2021-41099 Integer Overflow to Buffer Overflow vulnerability in multiple products
Redis is an open source, in-memory database that persists on disk.
network
high complexity
redis fedoraproject debian netapp oracle CWE-680
7.5
7.5
2021-09-16 CVE-2021-41079 Infinite Loop vulnerability in multiple products
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets.
network
low complexity
apache debian netapp CWE-835
7.5
7.5
2021-08-18 CVE-2021-37714 Infinite Loop vulnerability in multiple products
jsoup is a Java library for working with HTML.
network
low complexity
jsoup quarkus oracle netapp CWE-835
7.5
7.5
2021-03-15 CVE-2021-26987 Element Plug-in for vCenter Server incorporates SpringBoot Framework.
network
low complexity
vmware netapp
critical
 9.8
9.8