Vulnerabilities > Netapp > Management Services FOR Element Software > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-07 CVE-2023-36054 Access of Uninitialized Pointer vulnerability in multiple products
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer.
network
low complexity
mit debian netapp CWE-824
6.5
2022-08-29 CVE-2022-36033 Cross-site Scripting vulnerability in multiple products
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety.
network
low complexity
jsoup netapp CWE-79
6.1
2022-04-27 CVE-2022-24736 Redis is an in-memory database that persists on disk.
local
low complexity
redis fedoraproject netapp oracle
5.5
2021-10-12 CVE-2021-3671 NULL Pointer Dereference vulnerability in multiple products
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request).
network
low complexity
samba debian netapp CWE-476
6.5
2021-10-04 CVE-2021-32672 Out-of-bounds Read vulnerability in multiple products
Redis is an open source, in-memory database that persists on disk.
4.3
2021-06-09 CVE-2021-28169 For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory.
network
low complexity
eclipse debian oracle netapp
5.3
2021-02-26 CVE-2020-27223 Resource Exhaustion vulnerability in multiple products
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e.
network
low complexity
eclipse apache netapp debian oracle CWE-400
5.3