Netapp

Vasa Provider For Clustered Data Ontap

69 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2021-28165

Exploit
  • EPSS 13.15%
  • Published 01.04.2021 15:15:14
  • Last modified 27.08.2025 21:15:37

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

5.3

CVE-2021-28164

Exploit
  • EPSS 93.52%
  • Published 01.04.2021 15:15:14
  • Last modified 21.11.2024 05:59:13

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF...

4

CVE-2021-28163

Exploit
  • EPSS 0.21%
  • Published 01.04.2021 15:15:14
  • Last modified 21.11.2024 05:59:12

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps thems...

6.1

CVE-2020-13954

  • EPSS 8.03%
  • Published 12.11.2020 13:15:11
  • Last modified 21.11.2024 05:02:13

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to ...

7.5

CVE-2020-11868

  • EPSS 0.9%
  • Published 17.04.2020 04:15:10
  • Last modified 05.05.2025 17:15:57

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a vali...

9.3

CVE-2019-11815

Exploit
  • EPSS 1.19%
  • Published 08.05.2019 14:29:00
  • Last modified 21.11.2024 04:21:49

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

9.3

CVE-2018-20836

  • EPSS 1.88%
  • Published 07.05.2019 14:29:00
  • Last modified 21.11.2024 04:02:16

An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.

7.7

CVE-2019-3900

  • EPSS 0.09%
  • Published 25.04.2019 15:29:00
  • Last modified 21.11.2024 04:42:49

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest ...

5.5

CVE-2019-3882

  • EPSS 0.08%
  • Published 24.04.2019 16:29:02
  • Last modified 21.11.2024 04:42:47

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of th...

7

CVE-2019-11486

  • EPSS 0.05%
  • Published 23.04.2019 22:29:05
  • Last modified 21.11.2024 04:21:10

The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.