CVE-2021-26999
https://notcve.org/view.php?id=CVE-2021-26999
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version, while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version.
• https://security.netapp.com/advisory/NTAP-20210805-0012
• CWE-532: Insertion of Sensitive Information into Log File
CVE-2021-26998
https://notcve.org/view.php?id=CVE-2021-26998
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version, while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version.
• https://security.netapp.com/advisory/NTAP-20210805-0011
• CWE-532: Insertion of Sensitive Information into Log File
CVE-2021-28165 – jetty: Resource exhaustion when receiving an invalid large TLS frame
https://notcve.org/view.php?id=CVE-2021-28165
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability.
• https://github.com/uthrasri/CVE-2021-28165
• http://www.openwall.com/lists/oss-security/2021/04/20/3
• https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
• https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc%40%3Cnotifications.zookeeper.apache.org%3E
• https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a%40%3Cissues.spark.apache.org%3E
• https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad%40%3Creviews.spark
• CWE-400: Uncontrolled Resource Consumption
• CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
• CWE-755: Improper Handling of Exceptional Conditions
CVE-2021-26990
https://notcve.org/view.php?id=CVE-2021-26990
Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files.
• https://security.netapp.com/advisory/NTAP-20210318-0001
• CWE-862: Missing Authorization
CVE-2021-26992
https://notcve.org/view.php?id=CVE-2021-26992
Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS).
• https://security.netapp.com/advisory/NTAP-20210318-0003