Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ontap_select_deploy
(Netapp)| Repositories |
• https://github.com/openbsd/src
• https://github.com/openssh/openssh-portable |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-08-17 | CVE-2018-15473 | OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | Ubuntu_linux, Debian_linux, Aff_baseboard_management_controller, Cloud_backup, Clustered_data_ontap, Cn1610_firmware, Data_ontap, Data_ontap_edge, Fas_baseboard_management_controller, Oncommand_unified_manager, Ontap_select_deploy, Service_processor, Steelstore_cloud_integrated_storage, Storage_replication_adapter, Vasa_provider, Virtual_storage_console, Openssh, Sun_zfs_storage_appliance_kit, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Scalance_x204rna_firmware | 5.3 | ||
| 2019-01-10 | CVE-2018-20685 | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. | Ubuntu_linux, Debian_linux, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Cloud_backup, Element_software, Ontap_select_deploy, Steelstore_cloud_integrated_storage, Storage_automation_store, Openssh, Solaris, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Scalance_x204rna_eec_firmware, Scalance_x204rna_firmware, Winscp | 5.3 | ||
| 2019-01-31 | CVE-2019-6110 | In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. | Element_software, Ontap_select_deploy, Storage_automation_store, Openssh, Scalance_x204rna_eec_firmware, Scalance_x204rna_firmware, Winscp | 6.8 | ||
| 2018-08-28 | CVE-2018-15919 | Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.' | Cloud_backup, Cn1610_firmware, Data_ontap_edge, Ontap_select_deploy, Steelstore, Openssh | 5.3 |