Vulnerabilities > Netapp > Management Services FOR Element Software AND Netapp HCI > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-14 | CVE-2023-2975 | Improper Authentication vulnerability in multiple products Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. | 5.3 |
2022-03-10 | CVE-2021-3733 | Resource Exhaustion vulnerability in multiple products There's a flaw in urllib's AbstractBasicAuthHandler class. | 6.5 |
2021-10-28 | CVE-2021-22096 | In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. | 4.3 |
2019-11-08 | CVE-2019-10219 | Cross-site Scripting vulnerability in multiple products A vulnerability was found in Hibernate-Validator. | 6.1 |