Hci NetApp Hci

Do you want an email whenever new security vulnerabilities are reported in NetApp Hci?

By the Year

In 2021 there have been 2 vulnerabilities in NetApp Hci with an average score of 6.4 out of ten. Last year Hci had 2 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. Last year, the average CVE base score was greater by 0.60

Year Vulnerabilities Average Score
2021 2 6.40
2020 2 7.00
2019 0 0.00
2018 3 6.13

It may take a day or so for new Hci vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent NetApp Hci Security Vulnerabilities

Redis is an open source, in-memory database that persists on disk

CVE-2021-32675 7.5 - High - October 04, 2021

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates.

Allocation of Resources Without Limits or Throttling

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive)

CVE-2020-27223 5.3 - Medium - February 26, 2021

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of quality (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.

Resource Exhaustion

Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could

CVE-2020-8582 6.5 - Medium - November 13, 2020

Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information.

Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could

CVE-2020-8583 7.5 - High - November 13, 2020

Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users

CVE-2018-7170 5.3 - Medium - March 06, 2018

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

The protocol engine in ntp 4.2.6 before 4.2.8p11

CVE-2018-7185 7.5 - High - March 06, 2018

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

Systems with microprocessors utilizing speculative execution and branch prediction may

CVE-2017-5753 5.6 - Medium - January 04, 2018

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Side Channel Attack

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Oracle Local Service Management System or by NetApp? Click the Watch button to subscribe.

NetApp
Vendor

NetApp Hci
Product

subscribe