Skip to main content

Management Services For Element Software And Netapp Hci

15 CVEs product

Monthly

CVE-2024-6119 HIGH PATCH This Week

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Denial Of Service Memory Corruption OpenSSL Active Iq Unified Manager Management Services For Element Software And Netapp Hci +17
NVD GitHub
CVSS 3.1
7.5
EPSS
6.6%
CVE-2024-39689 PyPI HIGH PATCH This Week

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mozilla Certifi Management Services For Element Software And Netapp Hci Ontap Select Deploy Administration Utility +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-26462 MEDIUM POC This Month

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kerberos 5 Active Iq Unified Manager Cloud Volumes Ontap Mediator Management Services For Element Software And Netapp Hci +4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-26461 HIGH POC This Week

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Kerberos 5 Active Iq Unified Manager Cloud Volumes Ontap Mediator Management Services For Element Software And Netapp Hci +5
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-26458 MEDIUM POC This Month

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kerberos 5 Active Iq Unified Manager Cloud Volumes Ontap Mediator Management Services For Element Software And Netapp Hci +5
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-2975 MEDIUM PATCH This Month

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Management Services For Element Software And Netapp Hci Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-2048 Maven HIGH PATCH This Week

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jetty Debian Linux Element Plug In For Vcenter Server Management Services For Element Software And Netapp Hci +4
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-2047 Maven LOW PATCH Monitor

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Jetty Debian Linux Element Plug In For Vcenter Server Management Services For Element Software And Netapp Hci +3
NVD GitHub
CVSS 3.1
2.7
EPSS
1.2%
CVE-2021-22096 Maven MEDIUM PATCH This Month

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Spring Framework Active Iq Unified Manager Management Services For Element Software And Netapp Hci +5
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2021-32765 HIGH PATCH This Week

Hiredis is a minimalistic C client library for the Redis database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow Hiredis Debian Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-41099 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow Denial Of Service RCE Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2021-41079 Maven HIGH PATCH This Week

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache OpenSSL Denial Of Service Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
7.2%
CVE-2021-37714 Maven HIGH PATCH This Week

jsoup is a Java library for working with HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Jsoup Quarkus Banking Trade Finance +13
NVD GitHub
CVSS 3.1
7.5
EPSS
6.9%
CVE-2021-26987 CRITICAL Act Now

Element Plug-in for vCenter Server incorporates SpringBoot Framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE VMware Spring Boot Element Plug In For Vcenter Server Management Services For Element Software And Netapp Hci +1
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-10219 Maven MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse Jboss Data Grid Jboss Enterprise Application Platform +184
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Denial Of Service Memory Corruption OpenSSL +19
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mozilla Certifi +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kerberos 5 Active Iq Unified Manager +6
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Kerberos 5 Active Iq Unified Manager +7
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kerberos 5 Active Iq Unified Manager +7
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Management Services For Element Software And Netapp Hci +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jetty Debian Linux +6
NVD GitHub
EPSS 1% CVSS 2.7
LOW PATCH Monitor

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Jetty Debian Linux +5
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Spring Framework +7
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Hiredis is a minimalistic C client library for the Redis database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow +3
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow Denial Of Service +5
NVD GitHub
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache OpenSSL +3
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

jsoup is a Java library for working with HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Jsoup +15
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Element Plug-in for vCenter Server incorporates SpringBoot Framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE VMware Spring Boot +3
NVD
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse +186
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy