Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Management_services_for_element_software_and_netapp_hci
(Netapp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-09-03 | CVE-2024-6119 | Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an... | 500f_firmware, A250_firmware, Active_iq_unified_manager, Bootstrap_os, Brocade_fabric_operating_system, C250_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c, H700s_firmware, Management_services_for_element_software_and_netapp_hci, Ontap_9, Ontap_select_deploy_administration_utility, Ontap_tools, Openssl | 7.5 | ||
| 2024-02-29 | CVE-2024-26458 | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. | Kerberos_5, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, H610c_firmware, H610s_firmware, H615c_firmware, Management_services_for_element_software_and_netapp_hci, Ontap_9, Ontap_select_deploy_administration_utility | N/A | ||
| 2024-02-29 | CVE-2024-26461 | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. | Kerberos_5, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, H610c_firmware, H610s_firmware, H615c_firmware, Management_services_for_element_software_and_netapp_hci, Ontap_9, Ontap_select_deploy_administration_utility | N/A | ||
| 2024-02-29 | CVE-2024-26458 | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. | Kerberos_5, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, H610c_firmware, H610s_firmware, H615c_firmware, Management_services_for_element_software_and_netapp_hci, Ontap_9, Ontap_select_deploy_administration_utility | N/A | ||
| 2024-02-29 | CVE-2024-26461 | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. | Kerberos_5, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, H610c_firmware, H610s_firmware, H615c_firmware, Management_services_for_element_software_and_netapp_hci, Ontap_9, Ontap_select_deploy_administration_utility | N/A | ||
| 2024-07-05 | CVE-2024-39689 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which... | Certifi, Management_services_for_element_software_and_netapp_hci, Ontap_select_deploy_administration_utility, Ontap_tools | 7.5 | ||
| 2024-02-29 | CVE-2024-26462 | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c. | Kerberos_5, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, H610c_firmware, H610s_firmware, H615c_firmware, Management_services_for_element_software_and_netapp_hci, Ontap_select_deploy_administration_utility | 5.5 | ||
| 2021-03-15 | CVE-2021-26987 | Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework. | Element_plug\-In_for_vcenter_server, Management_services_for_element_software_and_netapp_hci, Solidfire_\&_hci_management_node, Spring_boot | 9.8 | ||
| 2021-08-18 | CVE-2021-37714 | jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available... | Jsoup, Management_services_for_element_software_and_netapp_hci, Banking_trade_finance, Banking_treasury_management, Business_process_management_suite, Communications_messaging_server, Financial_services_crime_and_compliance_management_studio, Flexcube_universal_banking, Hospitality_token_proxy_service, Middleware_common_libraries_and_tools, Peoplesoft_enterprise_peopletools, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Stream_analytics, Webcenter_portal, Quarkus | 7.5 | ||
| 2021-09-16 | CVE-2021-41079 | Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. | Tomcat, Debian_linux, Management_services_for_element_software_and_netapp_hci | 7.5 |