Vulnerabilities > Netapp > Storage Replication Adapter FOR Clustered Data Ontap

DATE CVE VULNERABILITY TITLE RISK
2021-04-01 CVE-2021-28165 Improper Handling of Exceptional Conditions vulnerability in multiple products
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
network
low complexity
eclipse oracle jenkins netapp CWE-755
7.5
2021-04-01 CVE-2021-28164 In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory.
network
low complexity
eclipse netapp oracle
5.3
2021-04-01 CVE-2021-28163 Link Following vulnerability in multiple products
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
network
low complexity
eclipse fedoraproject apache netapp oracle CWE-59
2.7
2019-05-07 CVE-2018-20836 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel before 4.20.
network
high complexity
linux canonical debian f5 netapp opensuse CWE-416
8.1
2019-04-23 CVE-2019-11486 Race Condition vulnerability in multiple products
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
local
high complexity
linux debian opensuse netapp CWE-362
7.0
2019-04-22 CVE-2019-10247 Information Exposure vulnerability in multiple products
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path.
network
low complexity
eclipse netapp oracle debian CWE-200
5.3
2019-04-22 CVE-2019-10246 Information Exposure vulnerability in multiple products
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents.
network
low complexity
eclipse netapp oracle CWE-200
5.3
2018-07-18 CVE-2018-2973 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). 4.3
2018-07-18 CVE-2018-2964 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment).
network
high complexity
oracle netapp
5.1
2018-07-18 CVE-2018-2952 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency).
network
high complexity
oracle debian canonical hp redhat netapp
3.7