NetApp Vasa Provider Clustered Data Ontap
By the Year
In 2022 there have been 0 vulnerabilities in NetApp Vasa Provider Clustered Data Ontap . Last year Vasa Provider Clustered Data Ontap had 3 security vulnerabilities published. Right now, Vasa Provider Clustered Data Ontap is on track to have less security vulnerabilities in 2022 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 0 | 0.00 |
| 2021 | 3 | 5.17 |
| 2020 | 2 | 6.80 |
| 2019 | 4 | 6.60 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Vasa Provider Clustered Data Ontap vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent NetApp Vasa Provider Clustered Data Ontap Security Vulnerabilities
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory
CVE-2021-28163
2.7 - Low
- April 01, 2021
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
insecure temporary file
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs
CVE-2021-28164
5.3 - Medium
- April 01, 2021
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
AuthZ
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage
CVE-2021-28165
7.5 - High
- April 01, 2021
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
Resource Exhaustion
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses
CVE-2020-13954
6.1 - Medium
- November 12, 2020
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.
XSS
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100
CVE-2020-11868
7.5 - High
- April 17, 2020
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
Origin Validation Error
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8
CVE-2019-11815
8.1 - High
- May 08, 2019
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
Race Condition
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6
CVE-2019-3900
7.7 - High
- April 25, 2019
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.
Infinite Loop
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context
CVE-2019-10247
5.3 - Medium
- April 22, 2019
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.
Information Disclosure
In Eclipse Jetty version 9.2.27
CVE-2019-10246
5.3 - Medium
- April 22, 2019
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Oracle Unified Directory or by NetApp? Click the Watch button to subscribe.
