Note:
This project will be discontinued after December 13, 2021. [more]
Product:
E\-Series_santricity_os_controller
(Netapp)| Repositories |
• https://github.com/Perl/perl5
• https://github.com/mm2/Little-CMS • https://github.com/madler/zlib |
| #Vulnerabilities | 240 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-02-02 | CVE-2021-21285 | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. | Debian_linux, Docker, E\-Series_santricity_os_controller | 6.5 | ||
| 2021-02-26 | CVE-2020-27223 | In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. | Nifi, Solr, Spark, Debian_linux, Jetty, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Element_plug\-In_for_vcenter_server, Hci, Hci_management_node, Management_services_for_element_software, Snap_creator_framework, Snapcenter, Snapmanager, Solidfire, Rest_data_services | 5.3 | ||
| 2021-04-01 | CVE-2021-28163 | In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. | Ignite, Solr, Jetty, Fedora, Cloud_manager, E\-Series_performance_analyzer, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Element_plug\-In_for_vcenter_server, Santricity_cloud_connector, Snapcenter, Snapcenter_plug\-In, Storage_replication_adapter_for_clustered_data_ontap, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Autovue_for_agile_product_lifecycle_management, Banking_apis, Banking_digital_experience, Communications_element_manager, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Siebel_core_\-_automation | 2.7 | ||
| 2021-04-01 | CVE-2021-28165 | In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. | Jetty, Jenkins, Cloud_manager, E\-Series_performance_analyzer, E\-Series_santricity_os_controller, E\-Series_santricity_storage, E\-Series_santricity_web_services, Ontap_tools, Santricity_cloud_connector, Santricity_web_services_proxy, Snapcenter, Storage_replication_adapter_for_clustered_data_ontap, Vasa_provider_for_clustered_data_ontap, Autovue_for_agile_product_lifecycle_management, Communications_cloud_native_core_policy, Communications_element_manager, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Rest_data_services, Siebel_core_\-_automation | 7.5 | ||
| 2021-04-01 | CVE-2021-28164 | In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. | Jetty, Cloud_manager, E\-Series_performance_analyzer, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Element_plug\-In_for_vcenter_server, Santricity_cloud_connector, Snapcenter, Snapcenter_plug\-In, Storage_replication_adapter_for_clustered_data_ontap, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Autovue_for_agile_product_lifecycle_management, Banking_apis, Banking_digital_experience, Communications_session_route_manager, Siebel_core_\-_automation | 5.3 | ||
| 2021-05-19 | CVE-2021-3517 | There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. | Debian_linux, Fedora, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_h410c_firmware, Hci_management_node, Manageability_software_development_kit, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Santricity_unified_manager, Snapdrive, Snapmanager, Solidfire, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Mysql_workbench, Openjdk, Peoplesoft_enterprise_peopletools, Real_user_experience_insight, Zfs_storage_appliance_kit, Enterprise_linux, Jboss_core_services, Libxml2 | 8.6 | ||
| 2021-05-25 | CVE-2021-33574 | The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. | Debian_linux, Fedora, Glibc, Cloud_backup, E\-Series_santricity_os_controller, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Solidfire_baseboard_management_controller_firmware | 9.8 | ||
| 2021-06-02 | CVE-2021-3522 | GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. | Gstreamer, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Snapmanager, Solidfire, Openjdk | 5.5 | ||
| 2021-06-11 | CVE-2021-26997 | E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks. | E\-Series_santricity_os_controller | 6.5 | ||
| 2021-06-11 | CVE-2021-26993 | E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial of Service (DoS) to the web server. | E\-Series_santricity_os_controller | 5.3 |