Note:
This project will be discontinued after December 13, 2021. [more]
Product:
500f_firmware
(Netapp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 11 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-31 | CVE-2024-1086 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. | Debian_linux, Fedora, Linux_kernel, 500f_firmware, A250_firmware, C250_firmware, Enterprise_linux_desktop, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_server, Enterprise_linux_workstation | 7.8 | ||
| 2022-03-15 | CVE-2022-0778 | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to... | Debian_linux, Fedora, Mariadb, 500f_firmware, A250_firmware, Cloud_volumes_ontap_mediator, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Santricity_smi\-S_provider, Storagegrid, Node\.js, Openssl, Nessus | 7.5 | ||
| 2023-02-03 | CVE-2023-25136 | OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." | Fedora, 500f_firmware, A250_firmware, C250_firmware, Ontap_select_deploy_administration_utility, Openssh | 6.5 | ||
| 2020-11-28 | CVE-2020-29374 | An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58. | Debian_linux, Linux_kernel, 500f_firmware, A250_firmware, H410c_firmware, Hci_compute_node_bios, Solidfire_\&_hci_management_node, Solidfire_\&_hci_storage_node | 3.6 | ||
| 2021-01-04 | CVE-2019-25013 | The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. | Fabric_operating_system, Debian_linux, Fedora, Glibc, 500f_firmware, A250_firmware, Ontap_select_deploy_administration_utility, Service_processor | 5.9 | ||
| 2021-12-14 | CVE-2021-4044 | Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only... | 500f_firmware, A250_firmware, Cloud_backup, E\-Series_performance_analyzer, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Ontap_select_deploy_administration_utility, Snapcenter, Node\.js, Openssl | 7.5 | ||
| 2021-02-17 | CVE-2020-8625 | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well... | Debian_linux, Fedora, Bind, 500f_firmware, A250_firmware, Cloud_backup, Sinec_infrastructure_network_services | 8.1 | ||
| 2021-04-29 | CVE-2021-25215 | In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S,... | Debian_linux, Fedora, Bind, 500f_firmware, A250_firmware, Active_iq_unified_manager, Cloud_backup, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Tekelec_platform_distribution, Sinec_infrastructure_network_services | 7.5 | ||
| 2021-05-26 | CVE-2020-25668 | A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. | Debian_linux, Linux_kernel, 500f_firmware, A250_firmware, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller_firmware | 7.0 | ||
| 2021-02-26 | CVE-2020-27618 | The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. | Debian_linux, Glibc, 500f_firmware, A250_firmware, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Ontap_select_deploy_administration_utility, Communications_cloud_native_core_service_communication_proxy | 5.5 |