Product:

Cloud_backup

(Netapp)
Date Id Summary Products Score Patch Annotated
2018-01-21 CVE-2016-10708 sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. Ubuntu_linux, Debian_linux, Cloud_backup, Clustered_data_ontap, Data_ontap, Data_ontap_edge, Oncommand_unified_manager, Service_processor, Storagegrid, Storagegrid_webscale, Vasa_provider, Openssh 7.5
2021-03-05 CVE-2021-28041 ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. Fedora, Cloud_backup, Hci_compute_node_firmware, Hci_management_node, Hci_storage_node_firmware, Solidfire, Openssh 7.1
2019-02-26 CVE-2009-5155 In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. Glibc, Cloud_backup, Ontap_select_deploy_administration_utility, Steelstore_cloud_integrated_storage 7.5
2020-05-28 CVE-2020-13645 In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host. Fabric_operating_system, Ubuntu_linux, Fedora, Balsa, Glib\-Networking, Cloud_backup 6.5
2018-06-18 CVE-2018-1333 By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33). Http_server, Ubuntu_linux, Cloud_backup, Storage_automation_store, Jboss_core_services 7.5
2018-07-18 CVE-2018-8011 By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). Http_server, Cloud_backup 7.5
2020-11-12 CVE-2020-8760 Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. Active_management_technology, Cloud_backup 7.8
2020-11-12 CVE-2020-8757 Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. Active_management_technology, Cloud_backup 6.7
2020-11-12 CVE-2020-8754 Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. Active_management_technology, Standard_manageability, Cloud_backup 7.5
2020-11-12 CVE-2020-8752 Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access. Active_management_technology, Standard_manageability, Cloud_backup 9.8