NetApp VASA Provider vulnerabilities
10 known vulnerabilities affecting netapp/vasa_provider.
Total CVEs: 10
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 5, MEDIUM 4
Vulnerabilities
CVE-2020-27216 [HIGH] CVSS 7.0, CWE-378, ≥ 7.2, 2020-10-23
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to comp
nvd
CVE-2018-20002 [MEDIUM] CVSS 5.5, CWE-772, ≥ 7.2, 2018-12-10
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.
nvd
CVE-2018-19931 [HIGH] CVSS 7.8, CWE-787, ≥ 7.2, 2018-12-07
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.
nvd
CVE-2018-19932 [MEDIUM] CVSS 5.5, CWE-190, ≥ 7.2, 2018-12-07
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.
nvd
CVE-2018-15473 [MEDIUM] CVSS 5.3, CWE-362, PoC, ≥ 7.2, 2018-08-17
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
nvd
CVE-2018-2826 [HIGH] CVSS 8.3, ≥ 7.2, 2018-04-19
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and whil
nvd
CVE-2018-2825 [HIGH] CVSS 8.3, ≥ 7.2, 2018-04-19
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and whil
nvd
CVE-2018-6485 [CRITICAL] CVSS 9.8, CWE-190, ≥ 7.2, v6.x, 2018-02-01
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
nvd
CVE-2016-6904 [HIGH] CVSS 8.1, CWE-255, ≤ 7.0, 2017-12-11
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.
nvd
CVE-2017-10053 [MEDIUM] CVSS 5.3, ≥ 7.2, v6.0, 2017-08-08
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java S
nvd