Hyper Converged Infrastructure NetApp Hyper Converged Infrastructure

Do you want an email whenever new security vulnerabilities are reported in NetApp Hyper Converged Infrastructure?

By the Year

In 2022 there have been 0 vulnerabilities in NetApp Hyper Converged Infrastructure . Hyper Converged Infrastructure did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 1 5.90
2018 4 7.58

It may take a day or so for new Hyper Converged Infrastructure vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent NetApp Hyper Converged Infrastructure Security Vulnerabilities

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL

CVE-2019-1559 5.9 - Medium - February 27, 2019

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

Side Channel Attack

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug

CVE-2018-18065 6.5 - Medium - October 08, 2018

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

NULL Pointer Dereference

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug

CVE-2018-18066 7.5 - High - October 08, 2018

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

NULL Pointer Dereference

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask

CVE-2018-1000656 7.5 - High - August 20, 2018

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.

Improper Input Validation

In Eclipse Jetty versions 9.4.0 through 9.4.8

CVE-2018-12538 8.8 - High - June 22, 2018

In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.

Session Fixation

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for NetApp Snap Creator Framework or by NetApp? Click the Watch button to subscribe.

NetApp
Vendor

subscribe