Aff_a400_firmware - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Aff_a400_firmware
(Netapp)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	24

Date	Id	Summary	Products	Score	Patch	Annotated
2022-05-03	CVE-2022-1292	The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o...	Debian_linux, Fedora, A250_firmware, A700s_firmware, Active_iq_unified_manager, Aff_500f_firmware, Aff_8300_firmware, Aff_8700_firmware, Aff_a400_firmware, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Fabric\-Attached_storage_a400_firmware, Fas_500f_firmware, Fas_8300_firmware, Fas_8700_firmware, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Oncommand_insight, Oncommand_workflow_automation, Santricity_smi\-S_provider, Smi\-S_provider, Snapcenter, Snapmanager, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Openssl, Enterprise_manager_ops_center, Mysql_server, Mysql_workbench	9.8
2022-05-03	CVE-2022-1343	The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the...	A250_firmware, A700s_firmware, Active_iq_unified_manager, Aff_500f_firmware, Aff_8300_firmware, Aff_8700_firmware, Aff_a400_firmware, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Fabric\-Attached_storage_a400_firmware, Fas_500f_firmware, Fas_8300_firmware, Fas_8700_firmware, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Santricity_smi\-S_provider, Smi\-S_provider, Snapmanager, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Openssl	5.3
2022-05-03	CVE-2022-1473	The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time....	A250_firmware, A700s_firmware, Active_iq_unified_manager, Aff_500f_firmware, Aff_8300_firmware, Aff_8700_firmware, Aff_a400_firmware, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Fabric\-Attached_storage_a400_firmware, Fas_500f_firmware, Fas_8300_firmware, Fas_8700_firmware, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Santricity_smi\-S_provider, Smi\-S_provider, Snapmanager, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Openssl	7.5
2022-07-27	CVE-2022-36879	An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.	Debian_linux, Linux_kernel, A700s_firmware, Active_iq_unified_manager, Aff_500f_firmware, Aff_8300_firmware, Aff_8700_firmware, Aff_a250_firmware, Aff_a400_firmware, E\-Series_santricity_os_controller, Fas_500f_firmware, Fas_8300_firmware, Fas_8700_firmware, Fas_a250_firmware, Fas_a400_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700s_firmware, Hci_bootstrap_os	5.5
2022-07-27	CVE-2022-36879	An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.	Debian_linux, Linux_kernel, A700s_firmware, Active_iq_unified_manager, Aff_500f_firmware, Aff_8300_firmware, Aff_8700_firmware, Aff_a250_firmware, Aff_a400_firmware, E\-Series_santricity_os_controller, Fas_500f_firmware, Fas_8300_firmware, Fas_8700_firmware, Fas_a250_firmware, Fas_a400_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700s_firmware, Hci_bootstrap_os	5.5
2022-06-21	CVE-2022-2068	In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems...	Sannav, Debian_linux, Fedora, Aff_8300_firmware, Aff_8700_firmware, Aff_a400_firmware, Bootstrap_os, Element_software, Fas_8300_firmware, Fas_8700_firmware, Fas_a400_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700s_firmware, Hci_management_node, Ontap_antivirus_connector, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider, Smi\-S_provider, Snapmanager, Solidfire, Openssl, Sinec_ins	9.8
2022-07-27	CVE-2022-36879	An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.	Debian_linux, Linux_kernel, A700s_firmware, Active_iq_unified_manager, Aff_500f_firmware, Aff_8300_firmware, Aff_8700_firmware, Aff_a250_firmware, Aff_a400_firmware, E\-Series_santricity_os_controller, Fas_500f_firmware, Fas_8300_firmware, Fas_8700_firmware, Fas_a250_firmware, Fas_a400_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700s_firmware, Hci_bootstrap_os	5.5
2022-08-18	CVE-2021-33060	Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.	Xeon_gold_5315y_firmware, Xeon_gold_5317_firmware, Xeon_gold_5318h_firmware, Xeon_gold_5318n_firmware, Xeon_gold_5318s_firmware, Xeon_gold_5318y_firmware, Xeon_gold_5320_firmware, Xeon_gold_5320h_firmware, Xeon_gold_5320t_firmware, Xeon_gold_6312u_firmware, Xeon_gold_6314u_firmware, Xeon_gold_6326_firmware, Xeon_gold_6328h_firmware, Xeon_gold_6328hl_firmware, Xeon_gold_6330_firmware, Xeon_gold_6330h_firmware, Xeon_gold_6330n_firmware, Xeon_gold_6334_firmware, Xeon_gold_6336y_firmware, Xeon_gold_6338_firmware, Xeon_gold_6338n_firmware, Xeon_gold_6338t_firmware, Xeon_gold_6342_firmware, Xeon_gold_6346_firmware, Xeon_gold_6348_firmware, Xeon_gold_6348h_firmware, Xeon_gold_6354_firmware, Xeon_platinum_8351n_firmware, Xeon_platinum_8352m_firmware, Xeon_platinum_8352s_firmware, Xeon_platinum_8352v_firmware, Xeon_platinum_8352y_firmware, Xeon_platinum_8353h_firmware, Xeon_platinum_8354h_firmware, Xeon_platinum_8356h_firmware, Xeon_platinum_8358_firmware, Xeon_platinum_8358p_firmware, Xeon_platinum_8360h_firmware, Xeon_platinum_8360hl_firmware, Xeon_platinum_8360y_firmware, Xeon_platinum_8362_firmware, Xeon_platinum_8368_firmware, Xeon_platinum_8368q_firmware, Xeon_platinum_8376h_firmware, Xeon_platinum_8376hl_firmware, Xeon_platinum_8380_firmware, Xeon_platinum_8380h_firmware, Xeon_platinum_8380hl_firmware, Xeon_silver_4309y_firmware, Xeon_silver_4310_firmware, Xeon_silver_4310t_firmware, Xeon_silver_4314_firmware, Xeon_silver_4316_firmware, Aff_a200_firmware, Aff_a220_firmware, Aff_a250_firmware, Aff_a300_firmware, Aff_a320_firmware, Aff_a400_firmware, Aff_a700_firmware, Aff_a700s_firmware, Aff_a800_firmware, Aff_a900_firmware, Aff_c190_firmware, Fas2600_firmware, Fas2700_firmware, Fas500f_firmware, Fas8200_firmware, Fas8300_firmware, Fas8700_firmware, Fas9000_firmware, Fas9500_firmware	7.8
2022-08-18	CVE-2021-33060	Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.	Xeon_gold_5315y_firmware, Xeon_gold_5317_firmware, Xeon_gold_5318h_firmware, Xeon_gold_5318n_firmware, Xeon_gold_5318s_firmware, Xeon_gold_5318y_firmware, Xeon_gold_5320_firmware, Xeon_gold_5320h_firmware, Xeon_gold_5320t_firmware, Xeon_gold_6312u_firmware, Xeon_gold_6314u_firmware, Xeon_gold_6326_firmware, Xeon_gold_6328h_firmware, Xeon_gold_6328hl_firmware, Xeon_gold_6330_firmware, Xeon_gold_6330h_firmware, Xeon_gold_6330n_firmware, Xeon_gold_6334_firmware, Xeon_gold_6336y_firmware, Xeon_gold_6338_firmware, Xeon_gold_6338n_firmware, Xeon_gold_6338t_firmware, Xeon_gold_6342_firmware, Xeon_gold_6346_firmware, Xeon_gold_6348_firmware, Xeon_gold_6348h_firmware, Xeon_gold_6354_firmware, Xeon_platinum_8351n_firmware, Xeon_platinum_8352m_firmware, Xeon_platinum_8352s_firmware, Xeon_platinum_8352v_firmware, Xeon_platinum_8352y_firmware, Xeon_platinum_8353h_firmware, Xeon_platinum_8354h_firmware, Xeon_platinum_8356h_firmware, Xeon_platinum_8358_firmware, Xeon_platinum_8358p_firmware, Xeon_platinum_8360h_firmware, Xeon_platinum_8360hl_firmware, Xeon_platinum_8360y_firmware, Xeon_platinum_8362_firmware, Xeon_platinum_8368_firmware, Xeon_platinum_8368q_firmware, Xeon_platinum_8376h_firmware, Xeon_platinum_8376hl_firmware, Xeon_platinum_8380_firmware, Xeon_platinum_8380h_firmware, Xeon_platinum_8380hl_firmware, Xeon_silver_4309y_firmware, Xeon_silver_4310_firmware, Xeon_silver_4310t_firmware, Xeon_silver_4314_firmware, Xeon_silver_4316_firmware, Aff_a200_firmware, Aff_a220_firmware, Aff_a250_firmware, Aff_a300_firmware, Aff_a320_firmware, Aff_a400_firmware, Aff_a700_firmware, Aff_a700s_firmware, Aff_a800_firmware, Aff_a900_firmware, Aff_c190_firmware, Fas2600_firmware, Fas2700_firmware, Fas500f_firmware, Fas8200_firmware, Fas8300_firmware, Fas8700_firmware, Fas9000_firmware, Fas9500_firmware	7.8
2020-04-10	CVE-2020-8832	The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.	Ubuntu_linux, Aff_8300_firmware, Aff_8700_firmware, Aff_a220_firmware, Aff_a320_firmware, Aff_a400_firmware, Aff_a700s_firmware, Aff_c190_firmware, Cloud_backup, Fas2720_firmware, Fas2750_firmware, Fas8300_firmware, Fas8700_firmware, Fas_baseboard_management_controller_a220_firmware, Fas_baseboard_management_controller_a320_firmware, Fas_baseboard_management_controller_a400_firmware, Fas_baseboard_management_controller_a800_firmware, Fas_baseboard_management_controller_c190_firmware, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700e_firmware, H700s_firmware, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage	5.5