Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cloud_backup
(Netapp)| Repositories |
• https://github.com/openbsd/src
• https://github.com/torvalds/linux • https://github.com/madler/zlib • https://github.com/openssh/openssh-portable |
| #Vulnerabilities | 342 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-03-05 | CVE-2021-28041 | ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. | Fedora, Cloud_backup, Hci_compute_node_firmware, Hci_management_node, Hci_storage_node_firmware, Solidfire, Openssh, Communications_offline_mediation_controller, Zfs_storage_appliance | 7.1 | ||
| 2021-03-07 | CVE-2021-27363 | An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is... | Debian_linux, Linux_kernel, Cloud_backup, Solidfire_baseboard_management_controller_firmware | 4.4 | ||
| 2021-03-15 | CVE-2021-28375 | An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. | Fedora, Linux_kernel, Cloud_backup, Solidfire_baseboard_management_controller_firmware | 7.8 | ||
| 2021-03-17 | CVE-2021-28660 | rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. | Debian_linux, Fedora, Linux_kernel, Cloud_backup, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Solidfire_baseboard_management_controller_firmware | 8.8 | ||
| 2021-03-20 | CVE-2021-28951 | An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. | Fedora, Linux_kernel, A250_firmware, Aff_500f_firmware, Cloud_backup, Fas_500f_firmware, Solidfire_baseboard_management_controller_firmware | 5.5 | ||
| 2021-03-20 | CVE-2021-28952 | An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) | Fedora, Linux_kernel, A250_firmware, Aff_500f_firmware, Cloud_backup, Fas_500f_firmware, Solidfire_baseboard_management_controller_firmware | 7.8 | ||
| 2021-03-22 | CVE-2021-28964 | A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. | Debian_linux, Fedora, Linux_kernel, Aff_a250_firmware, Cloud_backup, Fas_500f_firmware, Solidfire_baseboard_management_controller_firmware | 4.7 | ||
| 2021-03-22 | CVE-2021-28971 | In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. | Debian_linux, Fedora, Linux_kernel, Aff_500f_firmware, Aff_a250_firmware, Cloud_backup, Solidfire_baseboard_management_controller_firmware | 5.5 | ||
| 2021-03-22 | CVE-2021-28972 | In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8. | Fedora, Linux_kernel, Cloud_backup, Fas\/aff_baseboard_management_controller, Solidfire_baseboard_management_controller_firmware | 6.7 | ||
| 2021-03-26 | CVE-2021-20197 | There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. | Brocade_fabric_operating_system_firmware, Binutils, Cloud_backup, Ontap_select_deploy_administration_utility, Solidfire_\&_hci_management_node, Enterprise_linux | 6.3 |