E-series Performance Analyzer Security Vulnerabilities and Issues — E-series Performance Analyzer CVE List

Lucene search

NetappE-series Performance Analyzer

17 matches found

CVE•added 2021/03/25 3:15 p.m.•759 views

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS6.7AI score0.15408EPSS

CVE•added 2021/04/01 3:15 p.m.•526 views

CVE-2021-28165

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

7.8CVSS7.3AI score0.10227EPSS

CVE•added 2021/02/15 5:15 p.m.•461 views

CVE-2021-27219

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

7.5CVSS7.7AI score0.0029EPSS

CVE•added 2021/04/01 3:15 p.m.•455 views

CVE-2021-28164

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can ...

5.3CVSS5.2AI score0.93484EPSS

CVE•added 2021/04/01 3:15 p.m.•405 views

CVE-2021-28163

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that dir...

4CVSS5.1AI score0.00152EPSS

In wild

CVE•added 2021/02/15 5:15 p.m.•370 views

CVE-2021-27218

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

7.5CVSS7.7AI score0.04301EPSS

CVE•added 2021/03/18 8:15 p.m.•368 views

CVE-2021-27358

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.

7.5CVSS7.3AI score0.79637EPSS

CVE•added 2021/03/03 6:15 p.m.•318 views

CVE-2021-22884

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS ...

7.5CVSS7.5AI score0.01471EPSS

CVE•added 2021/03/03 6:15 p.m.•315 views

CVE-2021-22883

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable ...

7.8CVSS7.4AI score0.87361EPSS

CVE•added 2021/12/14 7:15 p.m.•292 views

CVE-2021-4044

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an ...

7.5CVSS7.2AI score0.18807EPSS

CVE•added 2021/03/12 7:15 p.m.•287 views

CVE-2021-20231

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

9.8CVSS9.5AI score0.00917EPSS

CVE•added 2021/05/28 6:15 p.m.•222 views

CVE-2021-33623

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.

7.5CVSS7.4AI score0.01255EPSS

CVE•added 2021/05/04 9:15 a.m.•183 views

CVE-2021-23383

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.

9.8CVSS7.2AI score0.05851EPSS

CVE•added 2021/05/28 8:15 p.m.•149 views

CVE-2021-33587

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.

7.5CVSS7.3AI score0.00211EPSS

CVE•added 2021/05/25 7:15 p.m.•141 views

CVE-2021-32640

ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected] (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a...

5.3CVSS5.4AI score0.00466EPSS

CVE•added 2021/03/19 9:15 p.m.•87 views

CVE-2021-21267

Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0...

7.5CVSS7.5AI score0.00866EPSS

CVE•added 2021/06/02 3:15 p.m.•70 views

CVE-2021-26707

The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library.

9.8CVSS9.3AI score0.0109EPSS