Data Availability Services@- Security Vulnerabilities and Issues — Data Availability Services@- CVE List

Lucene search

NetappData Availability Services-

8 matches found

CVE•added 2020/02/24 10:15 p.m.•4083 views

CVE-2020-1938

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...

9.8CVSS9.9AI score0.94465EPSS

CVE•added 2020/02/24 10:15 p.m.•1383 views

CVE-2020-1935

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse prox...

5.8CVSS7.4AI score0.00455EPSS

CVE•added 2020/01/17 12:15 a.m.•477 views

CVE-2020-5398

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...

8CVSS7.3AI score0.90844EPSS

CVE•added 2020/02/24 10:15 p.m.•474 views

CVE-2019-17569

The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behin...

5.8CVSS7AI score0.08139EPSS

CVE•added 2020/01/16 4:15 p.m.•361 views

CVE-2019-18282

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashr...

5.3CVSS6AI score0.00406EPSS

CVE•added 2020/02/14 5:15 a.m.•300 views

CVE-2020-8992

ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.

5.5CVSS5.5AI score0.00068EPSS

CVE•added 2020/02/25 4:15 p.m.•264 views

CVE-2020-9383

An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.

7.1CVSS6.7AI score0.00164EPSS

CVE•added 2020/02/25 6:15 p.m.•129 views

CVE-2020-9391

An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been...

5.5CVSS5.4AI score0.00161EPSS