Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product Hyper Converged Infrastructure
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-1559 7 Canonical, Debian, F5 and 4 more 18 Ubuntu Linux, Debian Linux, Traffix Signaling Delivery Controller and 15 more 2021-01-20 4.3 MEDIUM 5.9 MEDIUM
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
CVE-2018-12538 2 Eclipse, Netapp 12 Jetty, E-series Santricity Management Plug-ins, E-series Santricity Os Controller and 9 more 2020-10-20 6.5 MEDIUM 8.8 HIGH
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.
CVE-2018-1000656 2 Netapp, Palletsprojects 4 Active Iq, Hyper Converged Infrastructure, Ontap Select Deploy Utility and 1 more 2020-06-09 5.0 MEDIUM 7.5 HIGH
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.
CVE-2018-18065 5 Canonical, Debian, Net-snmp and 2 more 10 Ubuntu Linux, Debian Linux, Net-snmp and 7 more 2019-10-16 4.0 MEDIUM 6.5 MEDIUM
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
CVE-2018-18066 2 Net-snmp, Netapp 7 Net-snmp, Cloud Backup, Data Ontap and 4 more 2019-10-16 5.0 MEDIUM 7.5 HIGH
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.