Note:
This project will be discontinued after December 13, 2021. [more]
Product:
E\-Series_performance_analyzer
(Netapp)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 60 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-04-01 | CVE-2021-28165 | In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. | Jetty, Jenkins, Cloud_manager, E\-Series_performance_analyzer, E\-Series_santricity_os_controller, E\-Series_santricity_storage, E\-Series_santricity_web_services, Ontap_tools, Santricity_cloud_connector, Santricity_web_services_proxy, Snapcenter, Storage_replication_adapter_for_clustered_data_ontap, Vasa_provider_for_clustered_data_ontap, Autovue_for_agile_product_lifecycle_management, Communications_cloud_native_core_policy, Communications_element_manager, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Rest_data_services, Siebel_core_\-_automation | 7.5 | ||
2021-05-25 | CVE-2021-32640 | ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the... | E\-Series_performance_analyzer, Ws | 5.3 | ||
2022-02-08 | CVE-2022-21702 | Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be... | Fedora, Grafana, E\-Series_performance_analyzer | 5.4 | ||
2022-02-08 | CVE-2022-21703 | Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised... | Fedora, Grafana, E\-Series_performance_analyzer | 8.8 | ||
2022-02-08 | CVE-2022-21713 | Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and... | Fedora, Grafana, E\-Series_performance_analyzer | 4.3 | ||
2022-11-09 | CVE-2022-45061 | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied... | Fedora, Active_iq_unified_manager, Bootstrap_os, E\-Series_performance_analyzer, Element_software, Hci, Management_services_for_element_software, Ontap_select_deploy_administration_utility, Python | 7.5 | ||
2021-05-28 | CVE-2021-33587 | The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. | Css\-What, E\-Series_performance_analyzer | 7.5 | ||
2021-05-28 | CVE-2021-33623 | The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. | Debian_linux, E\-Series_performance_analyzer, Trim\-Newlines | 7.5 | ||
2022-08-24 | CVE-2021-3999 | A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. | Debian_linux, Glibc, E\-Series_performance_analyzer, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Nfs_plug\-In, Ontap_select_deploy_administration_utility | 7.8 | ||
2020-07-27 | CVE-2020-11110 | Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot. | Grafana, E\-Series_performance_analyzer | 5.4 |