CVE-2021-28165
The CVE-2021-28165 issue affects Eclipse Jetty versions 7.2.2–9.4.38, 10.0.0.alpha0–10.0.1, and 11.0.0.alpha0–11.0.1, where handling a large invalid TLS frame can cause CPU usage to reach 100%, leading to resource exhaustion. The underlying cause is described as abnormal processing after receivin...
CVE-2021-26998
CVE-2021-26998 affects NetApp Cloud Manager prior to 3.9.9, where a flaw allows sensitive information in logs to be exposed to authenticated users. Public sources consistently identify the affected product and version range and confirm the impact as information disclosure. Remediation per the doc...
CVE-2021-26999
CVE-2021-26999 affects NetApp Cloud Manager prior to 3.9.9, where failing an Active Directory connection causes sensitive information to be logged. The logs are available only to authenticated users. Auto-upgrade customers should already be on a fixed version, while users with on‑prem connectors ...
CVE-2021-26992
CVE-2021-26992 affects NetApp Cloud Manager prior to version 3.9.4. The issue allows a remote attacker to cause a Denial of Service (DoS). Documents consistently indicate Cloud Manager, a centralized system for managing local and cloud storage, is vulnerable if running a version before 3.9.4. The...
CVE-2021-26990
CVE-2021-26990 affects NetApp Cloud Manager. Versions prior to 3.9.4 are susceptible to an arbitrary file overwrite vulnerability that could allow a remote attacker to overwrite arbitrary system files. Root cause: a pre-3.9.4 flaw in Cloud Manager. Impact: potential compromise of file integrity a...
CVE-2021-26991
NetApp Cloud Manager before version 3.9.4 is affected by CVE-2021-26991 due to an insecure Cross-Origin Resource Sharing (CORS) policy, which could allow a remote attacker to interact with Cloud Manager. Root cause is a misconfigured CORS policy. The public records do not detail specific exploits...
CVE-2021-27002
CVE-2021-27002 affects NetApp Cloud Manager prior to 3.9.10. Affected component: the web proxy/authorization flow. Root cause: improper validation in the proxy allows a remote unauthenticated attacker to retrieve sensitive data. Impact: exposure of sensitive data via the web proxy. Mitigation: up...