Product:

Solidfire

(Netapp)
Date Id Summary Products Score Patch Annotated
2019-04-10 CVE-2019-11068 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. Ubuntu_linux, Debian_linux, Fedora, Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_unified_manager, E\-Series_santricity_web_services_proxy, Element_software, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Santricity_unified_manager, Snapmanager, Solidfire, Steelstore_cloud_integrated_storage, Leap, Jdk, Libxslt 9.8
2022-05-16 CVE-2022-1586 An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. Fedora, Active_iq_unified_manager, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_management_node, Ontap_select_deploy_administration_utility, Solidfire, Pcre2, Enterprise_linux 9.1
2022-05-16 CVE-2022-1587 An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. Fedora, Active_iq_unified_manager, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_management_node, Ontap_select_deploy_administration_utility, Solidfire, Pcre2, Enterprise_linux 9.1
2019-07-30 CVE-2019-14444 apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. Ubuntu_linux, Binutils, Hci_management_node, Solidfire, Leap 5.5
2021-07-20 CVE-2021-33909 fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. Debian_linux, Fedora, Linux_kernel, Hci_management_node, Solidfire, Communications_session_border_controller, Sma1000_firmware 7.8
2022-06-21 CVE-2022-2068 In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems... Sannav, Debian_linux, Fedora, Aff_8300_firmware, Aff_8700_firmware, Aff_a400_firmware, Bootstrap_os, Element_software, Fas_8300_firmware, Fas_8700_firmware, Fas_a400_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700s_firmware, Hci_management_node, Ontap_antivirus_connector, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider, Smi\-S_provider, Snapmanager, Solidfire, Openssl, Sinec_ins 9.8
2022-09-23 CVE-2022-35252 When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. Macos, Debian_linux, Curl, Bootstrap_os, Clustered_data_ontap, Element_software, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_management_node, Solidfire 3.7
2020-05-09 CVE-2020-12770 An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, A700s_firmware, Active_iq_unified_manager, Bootstrap_os, Cloud_backup, Element_software, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage 6.7
2019-12-08 CVE-2019-19448 In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. Ubuntu_linux, Debian_linux, Linux_kernel, A700s_firmware, Active_iq_unified_manager, Aff_8300_firmware, Aff_8700_firmware, Aff_a400_firmware, Cloud_backup, Data_availability_services, Fas_8300_firmware, Fas_8700_firmware, Fas_a400_firmware, H610s_firmware, Hci_management_node, Solidfire, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage 7.8
2020-04-02 CVE-2020-8835 In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780) Ubuntu_linux, Fedora, Linux_kernel, 8300_firmware, 8700_firmware, A220_firmware, A320_firmware, A400_firmware, A700s_firmware, A800_firmware, C190_firmware, Cloud_backup, Fas2720_firmware, Fas2750_firmware, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage 7.8