Cloud_backup - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Cloud_backup
(Netapp)

Repositories	• https://github.com/openbsd/src • https://github.com/torvalds/linux • https://github.com/madler/zlib • https://github.com/openssh/openssh-portable
#Vulnerabilities	342

Date	Id	Summary	Products	Score	Patch	Annotated
2020-05-15	CVE-2020-12888	The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.	Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, A700s_firmware, Active_iq_unified_manager, Bootstrap_os, Cloud_backup, Element_software, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage, Leap	5.3
2020-05-18	CVE-2020-13143	gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.	Ubuntu_linux, Debian_linux, Linux_kernel, A700s_firmware, Active_iq_unified_manager, Bootstrap_os, Cloud_backup, Element_software, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage, Leap	6.5
2020-05-19	CVE-2020-7656	jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.	Jquery, Junos, Active_iq_unified_manager, Cloud_backup, Oncommand_system_manager, Snap_creator_framework, Peoplesoft_enterprise_peopletools	6.1
2020-05-27	CVE-2020-13630	ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.	Icloud, Ipados, Iphone_os, Itunes, Macos, Tvos, Watchos, Fabric_operating_system, Ubuntu_linux, Debian_linux, Fedora, Cloud_backup, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Communications_network_charging_and_control, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite	7.0
2020-05-27	CVE-2020-13631	SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.	Icloud, Ipados, Iphone_os, Itunes, Macos, Tvos, Watchos, Fabric_operating_system, Ubuntu_linux, Fedora, Cloud_backup, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Communications_network_charging_and_control, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite	5.5
2020-05-27	CVE-2020-13632	ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.	Fabric_operating_system, Ubuntu_linux, Debian_linux, Fedora, Cloud_backup, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Communications_network_charging_and_control, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite	5.5
2020-05-28	CVE-2020-13645	In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.	Fabric_operating_system, Ubuntu_linux, Fedora, Balsa, Glib\-Networking, Cloud_backup	6.5
2020-06-04	CVE-2020-13817	ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.	M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Cloud_backup, Clustered_data_ontap, Data_ontap, Element_software, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_compute_node_firmware, Hci_management_node, Ontap_tools, Solidfire, Steelstore_cloud_integrated_storage, Ntp, Leap	7.4
2020-06-06	CVE-2020-13871	SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.	Debian_linux, Fedora, Cloud_backup, Ontap_select_deploy_administration_utility, Communications_messaging_server, Communications_network_charging_and_control, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Mysql_workbench, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite	7.5
2020-06-15	CVE-2020-14155	libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.	Macos, Gitlab, Active_iq_unified_manager, Cloud_backup, Clustered_data_ontap, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Ontap_select_deploy_administration_utility, Steelstore_cloud_integrated_storage, Communications_cloud_native_core_policy, Pcre, Universal_forwarder	5.3