Vulnerabilities > Netapp > Vasa Provider

DATE CVE VULNERABILITY TITLE RISK
2020-10-23 CVE-2020-27216 In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system.
local
high complexity
eclipse netapp oracle apache debian
7.0
2018-12-10 CVE-2018-20002 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.
local
low complexity
gnu netapp f5 CWE-772
5.5
2018-12-07 CVE-2018-19932 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31.
local
low complexity
gnu netapp CWE-190
5.5
2018-12-07 CVE-2018-19931 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31.
local
low complexity
gnu netapp canonical CWE-787
7.8
2018-08-17 CVE-2018-15473 Race Condition vulnerability in multiple products
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
5.3
2018-04-19 CVE-2018-2826 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries).
network
high complexity
oracle canonical netapp
8.3
2018-04-19 CVE-2018-2825 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries).
network
high complexity
oracle canonical netapp
8.3
2018-02-01 CVE-2018-6485 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
network
low complexity
gnu redhat oracle netapp CWE-190
critical
9.8
2018-01-21 CVE-2016-10708 NULL Pointer Dereference vulnerability in multiple products
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
network
low complexity
openbsd debian canonical netapp CWE-476
7.5
2017-12-11 CVE-2016-6904 Credentials Management vulnerability in Netapp Vasa Provider 6.0/6.X/7.0
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication.
network
high complexity
netapp CWE-255
8.1