Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Total 2315 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-28165 4 Eclipse, Jenkins, Netapp and 1 more 21 Jetty, Jenkins, Cloud Manager and 18 more 2024-11-21 7.8 HIGH 7.5 HIGH
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
CVE-2021-28164 3 Eclipse, Netapp, Oracle 17 Jetty, Cloud Manager, E-series Performance Analyzer and 14 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
CVE-2021-28163 5 Apache, Eclipse, Fedoraproject and 2 more 23 Ignite, Solr, Jetty and 20 more 2024-11-21 4.0 MEDIUM 2.7 LOW
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
CVE-2021-28041 4 Fedoraproject, Netapp, Openbsd and 1 more 11 Fedora, Cloud Backup, Hci Compute Node and 8 more 2024-11-21 4.6 MEDIUM 7.1 HIGH
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
CVE-2021-28039 3 Linux, Netapp, Xen 4 Linux Kernel, Cloud Backup, Solidfire Baseboard Management Controller Firmware and 1 more 2024-11-21 2.1 LOW 6.5 MEDIUM
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG.
CVE-2021-28038 3 Debian, Linux, Netapp 4 Debian Linux, Linux Kernel, Cloud Backup and 1 more 2024-11-21 4.9 MEDIUM 6.5 MEDIUM
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.
CVE-2021-27365 4 Debian, Linux, Netapp and 1 more 5 Debian Linux, Linux Kernel, Solidfire Baseboard Management Controller and 2 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.
CVE-2021-27364 5 Canonical, Debian, Linux and 2 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2024-11-21 3.6 LOW 7.1 HIGH
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.
CVE-2021-27363 3 Debian, Linux, Netapp 4 Debian Linux, Linux Kernel, Cloud Backup and 1 more 2024-11-21 3.6 LOW 4.4 MEDIUM
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.
CVE-2021-27358 2 Grafana, Netapp 2 Grafana, E-series Performance Analyzer 2024-11-21 5.0 MEDIUM 7.5 HIGH
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
CVE-2021-27219 5 Broadcom, Debian, Fedoraproject and 2 more 7 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 4 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
CVE-2021-27218 5 Broadcom, Debian, Fedoraproject and 2 more 7 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 4 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
CVE-2021-27007 1 Netapp 1 Virtual Desktop Service 2024-11-21 7.5 HIGH 9.8 CRITICAL
NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session.
CVE-2021-27006 1 Netapp 1 Storagegrid 2024-11-21 2.1 LOW 4.4 MEDIUM
StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager.
CVE-2021-27005 1 Netapp 1 Ontap System Manager 2024-11-21 5.0 MEDIUM 7.5 HIGH
Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server.
CVE-2021-27004 1 Netapp 1 Ontap System Manager 2024-11-21 1.7 LOW 5.5 MEDIUM
System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials.
CVE-2021-27003 1 Netapp 1 Clustered Data Ontap 2024-11-21 4.3 MEDIUM 4.7 MEDIUM
Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.
CVE-2021-27002 1 Netapp 1 Cloud Manager 2024-11-21 5.0 MEDIUM 7.5 HIGH
NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy.
CVE-2021-27001 1 Netapp 1 Clustered Data Ontap 2024-11-21 2.1 LOW 5.5 MEDIUM
Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.
CVE-2021-26999 1 Netapp 1 Cloud Manager 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version.