NetApp E-Series SANtricity OS Controller vulnerabilities

240 known vulnerabilities affecting netapp/e-series_santricity_os_controller.

Total CVEs: 240
CISA KEV: 1 (actively exploited)
Public exploits: 9
Exploited in wild: 2
Severity breakdown: CRITICAL 31, HIGH 57, MEDIUM 107, LOW 45

Vulnerabilities

Page 4 of 12
CVE-2021-26995 | HIGH | CVSS 8.8 | ≥ 11.0.0, < 11.70.1 | 2021-06-11
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code.
nvd
CVE-2021-26996 | HIGH | CVSS 7.5 | ≥ 11.0.0, < 11.70.1 | 2021-06-11
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks.
nvd
CVE-2021-26997 | MEDIUM | CVSS 6.5 | CWE-209 | ≥ 11.0.0, < 11.70.1 | 2021-06-11
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks.
nvd
CVE-2021-26993 | MEDIUM | CVSS 5.3 | ≥ 11.0.0, < 11.70.1 | 2021-06-11
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial of Service (DoS) to the web server.
nvd
CVE-2021-3522 | MEDIUM | CVSS 5.5 | CWE-125 | ≥ 11.0.0, ≤ 11.70.1 | 2021-06-02
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
nvd
CVE-2021-33574 | CRITICAL | CVSS 9.8 | CWE-416 | ≥ 11.0, ≤ 11.70.1 | 2021-05-25
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
nvd
CVE-2021-3517 | HIGH | CVSS 8.6 | CWE-787 | ≥ 11.0.0, ≤ 11.70.1 | 2021-05-19
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential im
nvd
CVE-2021-28165 | HIGH | CVSS 7.5 | CWE-400 | ≥ 11.0.0, < 11.70.1 | 2021-04-01
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
nvd
CVE-2021-28164 | MEDIUM | CVSS 5.3 | PoC | CWE-200 | ≥ 11.0, ≤ 11.70.1 | 2021-04-01
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implement
nvd
CVE-2021-28163 | LOW | CVSS 2.7 | CWE-200 | ≥ 11.0.0, ≤ 11.70.1 | 2021-04-01
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
nvd
CVE-2020-27223 | MEDIUM | CVSS 5.3 | CWE-407 | ≥ 11.0.0, ≤ 11.70.1 | 2021-02-26
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhaust
nvd
CVE-2021-21284 | MEDIUM | CVSS 6.8 | CWE-22 | ≥ 11.0.0, ≤ 11.60.3 | 2021-02-02
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/" that cause writing f
nvd
CVE-2021-21285 | MEDIUM | CVSS 6.5 | CWE-400 | ≥ 11.0, ≤ 11.60.3 | 2021-02-02
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
nvd
CVE-2021-3326 | HIGH | CVSS 7.5 | CWE-617 | ≥ 11.0, ≤ 11.60.3 | 2021-01-27
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
nvd
CVE-2020-1971 | MEDIUM | CVSS 5.9 | CWE-476 | ≥ 11.0.0, ≤ 11.60.3 | 2020-12-08
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A
nvd
CVE-2020-29562 | MEDIUM | CVSS 4.8 | CWE-617 | ≥ 11.0.0, ≤ 11.60.3 | 2020-12-04
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
nvd
CVE-2020-8580 | HIGH | CVSS 7.5 | ≥ 11.30, < 11.60.3 | 2020-11-06
SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS).
nvd
CVE-2020-8577 | MEDIUM | CVSS 5.9 | ≥ 11.50.1 | 2020-11-06
SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.
nvd
CVE-2020-14803 | MEDIUM | CVSS 5.3 | ≥ 11.0.0, ≤ 11.60.1 | 2020-10-21
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a
nvd
CVE-2020-14792 | MEDIUM | CVSS 4.2 | ≥ 11.0.0, ≤ 11.60.1 | 2020-10-21
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successfu
nvd