Product:

Santricity_smi\-S_provider

(Netapp)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 3
Date ID Summary Products Score Patch
2018-10-29 CVE-2018-0735 The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Ubuntu_linux, Debian_linux, Cloud_backup, Cn1610_firmware, Element_software, Oncommand_unified_manager, Santricity_smi\-S_provider, Smi\-S_provider, Snapdrive, Steelstore, Node\.js, Openssl, Api_gateway, Application_server, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Mysql, Peoplesoft_enterprise_peopletools, Primavera_p6_enterprise_project_portfolio_management, Secure_global_desktop, Tuxedo, Vm_virtualbox 5.9
2018-10-30 CVE-2018-0734 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). Ubuntu_linux, Debian_linux, Cloud_backup, Cn1610_firmware, Oncommand_unified_manager, Santricity_smi\-S_provider, Snapcenter, Steelstore, Storage_automation_store, Node\.js, Openssl, Api_gateway, E\-Business_suite_technology_stack, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Mysql_enterprise_backup, Peoplesoft_enterprise_peopletools, Primavera_p6_professional_project_management, Tuxedo 5.9
2019-02-27 CVE-2019-1559 If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt... Ubuntu_linux, Debian_linux, Traffix_signaling_delivery_controller, Element_software, Hyper_converged_infrastructure, Oncommand_unified_manager, Oncommand_workflow_automation, Ontap_select_deploy, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider, Snapcenter, Snapdrive, Steelstore_cloud_integrated_storage, Storage_automation_store, Storagegrid, Openssl, Leap, Nessus 5.9