Product:

Management_services_for_element_software

(Netapp)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 25
Date Id Summary Products Score Patch Annotated
2023-08-07 CVE-2023-36054 lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. Debian_linux, Kerberos_5, Active_iq_unified_manager, Clustered_data_ontap, Hci, Management_services_for_element_software, Ontap_tools 6.5
2021-02-26 CVE-2020-27223 In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. Nifi, Solr, Spark, Debian_linux, Jetty, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Element_plug\-In_for_vcenter_server, Hci, Hci_management_node, Management_services_for_element_software, Snap_creator_framework, Snapcenter, Snapmanager, Solidfire, Rest_data_services 5.3
2021-06-09 CVE-2021-28169 For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. Debian_linux, Jetty, Active_iq_unified_manager, Hci, Management_services_for_element_software, Snap_creator_framework, Communications_cloud_native_core_policy, Rest_data_services 5.3