Product:

Solidfire

(Netapp)
Date Id Summary Products Score Patch Annotated
2019-09-24 CVE-2019-5094 An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. Ubuntu_linux, Debian_linux, E2fsprogs, Fedora, Hci_management_node, Solidfire 6.7
2017-05-23 CVE-2016-9841 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_storage_node, Oncommand_balance, Oncommand_insight, Oncommand_performance_manager, Oncommand_shift, Oncommand_unified_manager, Oncommand_workflow_automation, Snapmanager, Solidfire, Steelstore_cloud_integrated_storage, Storage_replication_adapter_for_clustered_data_ontap, Symantec_netbackup, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Leap, Opensuse, Database_server, Jdk, Jre, Mysql, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite, Zlib 9.8
2019-12-23 CVE-2019-5108 An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can... Ubuntu_linux, Debian_linux, Linux_kernel, 8300_firmware, 8700_firmware, A400_firmware, A700s_firmware, Active_iq_unified_manager, Cloud_backup, Data_availability_services, E\-Series_santricity_os_controller, H610s_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage, Sd\-Wan_edge 6.5
2021-12-13 CVE-2021-43818 lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. Debian_linux, Fedora, Lxml, Hci_storage_node_firmware, Solidfire, Solidfire_enterprise_sds, Http_server, Zfs_storage_appliance_kit 7.1
2021-07-20 CVE-2021-33910 basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. Debian_linux, Fedora, Hci_management_node, Solidfire, Systemd 5.5
2021-08-05 CVE-2021-22925 curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use... Mac_os_x, Macos, Fedora, Curl, Clustered_data_ontap, Hci_management_node, Solidfire, Mysql_server, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services 5.3
2022-01-01 CVE-2021-45960 In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). Debian_linux, Libexpat, Active_iq_unified_manager, Hci_management_node, Oncommand_workflow_automation, Solidfire, Nessus 8.8
2019-11-28 CVE-2019-18276 An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared... Bash, Hci_management_node, Oncommand_unified_manager, Solidfire, Communications_cloud_native_core_policy 7.8
2021-03-05 CVE-2021-28041 ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. Fedora, Cloud_backup, Hci_compute_node_firmware, Hci_management_node, Hci_storage_node_firmware, Solidfire, Openssh, Communications_offline_mediation_controller, Zfs_storage_appliance 7.1
2021-08-05 CVE-2021-22926 libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable... Curl, Active_iq_unified_manager, Clustered_data_ontap, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Solidfire, Mysql_server, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services 7.5