Product:
Hci_storage_node
(Netapp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-12-08 | CVE-2020-1971 | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp... | Debian_linux, Fedora, Active_iq_unified_manager, Aff_a250_firmware, Clustered_data_ontap_antivirus_connector, Data_ontap, E\-Series_santricity_os_controller, Ef600a_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Manageability_software_development_kit, Oncommand_insight, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Santricity_smi\-S_provider, Snapcenter, Solidfire, Openssl, Api_gateway, Business_intelligence, Communications_session_border_controller, Communications_session_router, Communications_subscriber\-Aware_load_balancer, Communications_unified_session_manager, Enterprise_communications_broker, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Enterprise_session_border_controller, Essbase, Graalvm, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql, Mysql_server, Peoplesoft_enterprise_peopletools, Log_correlation_engine, Nessus_network_monitor | 5.9 | ||
| 2019-05-08 | CVE-2019-11815 | An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. | Ubuntu_linux, Debian_linux, Linux_kernel, Active_iq_unified_manager, Cn1610_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Snapprotect, Solidfire, Storage_replication_adapter, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Leap | 8.1 | ||
| 2020-06-29 | CVE-2020-14145 | The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected. | Active_iq_unified_manager, Aff_a700s_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Ontap_select_deploy_administration_utility, Solidfire, Steelstore_cloud_integrated_storage, Openssh | 5.9 | ||
| 2020-10-22 | CVE-2019-17006 | In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. | Network_security_services, Hci_compute_node, Hci_management_node, Hci_storage_node, Solidfire, Ruggedcom_rox_mx5000_firmware, Ruggedcom_rox_rx1400_firmware, Ruggedcom_rox_rx1500_firmware, Ruggedcom_rox_rx1501_firmware, Ruggedcom_rox_rx1510_firmware, Ruggedcom_rox_rx1511_firmware, Ruggedcom_rox_rx1512_firmware, Ruggedcom_rox_rx5000_firmware | 9.8 | ||
| 2021-01-08 | CVE-2020-8584 | Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution. | Element_os, Hci_management_node, Hci_storage_node, Solidfire | 9.8 | ||
| 2018-06-26 | CVE-2017-7658 | In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the... | Debian_linux, Jetty, Xp_p9000_command_view, E\-Series_santricity_management, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Hci_management_node, Hci_storage_node, Oncommand_system_manager, Oncommand_unified_manager_for_7\-Mode, Santricity_cloud_connector, Snap_creator_framework, Snapcenter, Snapmanager, Solidfire, Storage_services_connector, Rest_data_services, Retail_xstore_payment, Retail_xstore_point_of_service | 9.8 | ||
| 2021-04-01 | CVE-2021-22876 | curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. | Fabric_operating_system, Debian_linux, Fedora, Libcurl, Hci_compute_node, Hci_management_node, Hci_storage_node, Solidfire | 5.3 | ||
| 2021-04-01 | CVE-2021-22890 | curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby... | Fabric_operating_system, Debian_linux, Fedora, Libcurl, Hci_management_node, Hci_storage_node, Solidfire | 3.7 | ||
| 2019-11-18 | CVE-2019-19050 | A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1. | Fabric_operating_system, Ubuntu_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Aff_a400_firmware, Aff_a700s_firmware, Data_availability_services, E\-Series_santricity_os_controller, Fas8300_firmware, Fas8700_firmware, H610s_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Solidfire, Steelstore_cloud_integrated_storage | 7.5 | ||
| 2019-11-18 | CVE-2019-19069 | A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99. | Fabric_operating_system, Ubuntu_linux, Linux_kernel, Active_iq_unified_manager, Aff_a400_firmware, Aff_a700s_firmware, Data_availability_services, E\-Series_santricity_os_controller, Fas8300_firmware, Fas8700_firmware, H610s_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Solidfire, Steelstore_cloud_integrated_storage | 7.5 |