Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cloud_backup
(Netapp)| Repositories |
• https://github.com/openbsd/src
• https://github.com/torvalds/linux • https://github.com/madler/zlib • https://github.com/openssh/openssh-portable |
| #Vulnerabilities | 342 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-11-04 | CVE-2019-18683 | An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(),... | Fabric_operating_system, Ubuntu_linux, Debian_linux, Linux_kernel, 8300_firmware, 8700_firmware, A400_firmware, A700s_firmware, Active_iq_unified_manager, Cloud_backup, Data_availability_services, E\-Series_santricity_os_controller, Element_software, H610s_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage, Leap | 7.0 | ||
| 2021-06-02 | CVE-2021-3520 | There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well. | Lz4, Active_iq_unified_manager, Cloud_backup, Ontap_select_deploy_administration_utility, Communications_cloud_native_core_policy, Zfs_storage_appliance_kit, Universal_forwarder | 9.8 | ||
| 2021-05-26 | CVE-2021-22543 | An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. | Debian_linux, Fedora, Linux_kernel, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Solidfire_baseboard_management_controller_firmware | 7.8 | ||
| 2020-06-15 | CVE-2020-14155 | libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | Macos, Gitlab, Active_iq_unified_manager, Cloud_backup, Clustered_data_ontap, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Ontap_select_deploy_administration_utility, Steelstore_cloud_integrated_storage, Communications_cloud_native_core_policy, Pcre, Universal_forwarder | 5.3 | ||
| 2021-06-11 | CVE-2021-22897 | curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this... | Curl, Cloud_backup, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller_firmware, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_service_communication_proxy, Essbase, Mysql_server, Sinec_infrastructure_network_services, Universal_forwarder | 5.3 | ||
| 2021-06-11 | CVE-2021-22901 | curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket... | Curl, Active_iq_unified_manager, Cloud_backup, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_compute_node_firmware, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller_firmware, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_service_communication_proxy, Essbase, Mysql_server, Sinec_infrastructure_network_services, Universal_forwarder | 8.1 | ||
| 2021-08-05 | CVE-2021-22922 | When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that... | Fedora, Curl, Cloud_backup, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Mysql_server, Sinec_infrastructure_network_services, Universal_forwarder | 6.5 | ||
| 2021-08-05 | CVE-2021-22923 | When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened. | Fedora, Curl, Cloud_backup, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Mysql_server, Sinec_infrastructure_network_services, Universal_forwarder | 5.3 | ||
| 2021-08-05 | CVE-2021-22924 | libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the... | Debian_linux, Fedora, Libcurl, Cloud_backup, Clustered_data_ontap, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller_firmware, Mysql_server, Peoplesoft_enterprise_peopletools, Logo\!_cmr2020_firmware, Logo\!_cmr2040_firmware, Ruggedcomrm_1224_lte_firmware, Scalance_m804pb_firmware, Scalance_m812\-1_firmware, Scalance_m816\-1_firmware, Scalance_m826\-2_firmware, Scalance_m874\-2_firmware, Scalance_m874\-3_firmware, Scalance_m876\-3_firmware, Scalance_m876\-4_firmware, Scalance_mum856\-1_firmware, Scalance_s615_firmware, Simatic_cp_1543\-1_firmware, Simatic_cp_1545\-1_firmware, Simatic_rtu3010c_firmware, Simatic_rtu3030c_firmware, Simatic_rtu3031c_firmware, Simatic_rtu_3041c_firmware, Sinec_infrastructure_network_services, Sinema_remote_connect, Sinema_remote_connect_server, Siplus_net_cp_1543\-1_firmware, Universal_forwarder | 3.7 | ||
| 2021-08-05 | CVE-2021-22925 | curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use... | Mac_os_x, Macos, Fedora, Curl, Cloud_backup, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Mysql_server, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services, Sinema_remote_connect_server, Universal_forwarder | 5.3 |