Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cloud_backup
(Netapp)| Repositories |
• https://github.com/openbsd/src
• https://github.com/torvalds/linux • https://github.com/madler/zlib • https://github.com/openssh/openssh-portable |
| #Vulnerabilities | 342 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-11-12 | CVE-2020-8754 | Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. | Active_management_technology_firmware, Standard_manageability, Cloud_backup | 7.5 | ||
| 2020-11-12 | CVE-2020-8757 | Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. | Active_management_technology_firmware, Cloud_backup | 6.7 | ||
| 2020-11-12 | CVE-2020-8760 | Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. | Active_management_technology_firmware, Cloud_backup | 7.8 | ||
| 2020-12-11 | CVE-2020-27786 | A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | Linux_kernel, Cloud_backup, Solidfire_baseboard_management_controller, Enterprise_linux, Enterprise_mrg, Openshift_container_platform | 7.8 | ||
| 2020-12-06 | CVE-2020-29573 | sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC... | Glibc, Cloud_backup, Solidfire_baseboard_management_controller, Enterprise_linux | 7.5 | ||
| 2021-09-20 | CVE-2021-38300 | arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture. | Debian_linux, Linux_kernel, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware | 7.8 | ||
| 2019-10-09 | CVE-2019-16905 | OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH. | Cloud_backup, Steelstore_cloud_integrated_storage, Openssh, Scalance_x204rna_ecc_firmware, Scalance_x204rna_firmware | 7.8 | ||
| 2020-08-19 | CVE-2020-14356 | A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. | Ubuntu_linux, Debian_linux, Linux_kernel, Active_iq_unified_manager, Cloud_backup, Hci_management_node, Solidfire, Solidfire_baseboard_management_controller_firmware, Leap, Enterprise_linux | 7.8 | ||
| 2018-08-17 | CVE-2018-15473 | OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | Ubuntu_linux, Debian_linux, Aff_baseboard_management_controller, Cloud_backup, Clustered_data_ontap, Cn1610_firmware, Data_ontap, Data_ontap_edge, Fas_baseboard_management_controller, Oncommand_unified_manager, Ontap_select_deploy, Service_processor, Steelstore_cloud_integrated_storage, Storage_replication_adapter, Vasa_provider, Virtual_storage_console, Openssh, Sun_zfs_storage_appliance_kit, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Scalance_x204rna_firmware | 5.3 | ||
| 2019-01-10 | CVE-2018-20685 | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. | Ubuntu_linux, Debian_linux, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Cloud_backup, Element_software, Ontap_select_deploy, Steelstore_cloud_integrated_storage, Storage_automation_store, Openssh, Solaris, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Scalance_x204rna_eec_firmware, Scalance_x204rna_firmware, Winscp | 5.3 |