Note:
This project will be discontinued after December 13, 2021. [more]
Product:
E\-Series_santricity_os_controller
(Netapp)Repositories |
• https://github.com/Perl/perl5
• https://github.com/mm2/Little-CMS • https://github.com/madler/zlib |
#Vulnerabilities | 240 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-07-01 | CVE-2024-6387 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | Linux_2023, Ubuntu_linux, Debian_linux, Freebsd, E\-Series_santricity_os_controller, Ontap_select_deploy_administration_utility, Ontap_tools, Netbsd, Openssh, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_arm_64, Enterprise_linux_for_arm_64_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Openshift_container_platform, Linux_enterprise_micro | 8.1 | ||
2019-07-17 | CVE-2019-13272 | In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor... | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Aff_a700s_firmware, E\-Series_performance_analyzer, E\-Series_santricity_os_controller, H410c_firmware, H610s_firmware, Hci_compute_node, Hci_management_node, Service_processor, Solidfire, Steelstore_cloud_integrated_storage, Enterprise_linux, Enterprise_linux_for_arm_64, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus | 7.8 | ||
2021-10-20 | CVE-2021-35559 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a... | Debian_linux, Fedora, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Openjdk | 5.3 | ||
2020-12-08 | CVE-2020-1971 | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp... | Debian_linux, Fedora, Active_iq_unified_manager, Aff_a250_firmware, Clustered_data_ontap_antivirus_connector, Data_ontap, E\-Series_santricity_os_controller, Ef600a_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Manageability_software_development_kit, Oncommand_insight, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Santricity_smi\-S_provider, Snapcenter, Solidfire, Node\.js, Openssl, Api_gateway, Business_intelligence, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_diameter_intelligence_hub, Communications_session_border_controller, Communications_session_router, Communications_subscriber\-Aware_load_balancer, Communications_unified_session_manager, Enterprise_communications_broker, Enterprise_manager_base_platform, Enterprise_manager_for_storage_management, Enterprise_manager_ops_center, Enterprise_session_border_controller, Essbase, Graalvm, Http_server, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql, Mysql_server, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services, Log_correlation_engine, Nessus_network_monitor | 5.9 | ||
2021-08-24 | CVE-2021-3711 | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out"... | Debian_linux, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, E\-Series_santricity_os_controller, Hci_management_node, Manageability_software_development_kit, Oncommand_insight, Oncommand_workflow_automation, Santricity_smi\-S_provider, Snapcenter, Solidfire, Storage_encryption, Openssl, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_session_border_controller, Communications_unified_session_manager, Enterprise_communications_broker, Enterprise_session_border_controller, Essbase, Health_sciences_inform_publisher, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Peoplesoft_enterprise_peopletools, Zfs_storage_appliance_kit, Nessus_network_monitor, Tenable\.sc | 9.8 | ||
2021-08-24 | CVE-2021-3712 | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the... | Debian_linux, Epolicy_orchestrator, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, E\-Series_santricity_os_controller, Hci_management_node, Manageability_software_development_kit, Santricity_smi\-S_provider, Solidfire, Storage_encryption, Openssl, Communications_cloud_native_core_console, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_session_border_controller, Communications_unified_session_manager, Enterprise_communications_broker, Enterprise_session_border_controller, Essbase, Health_sciences_inform_publisher, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools, Secure_backup, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Nessus_network_monitor, Tenable\.sc | 7.4 | ||
2022-01-19 | CVE-2022-21299 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in... | Debian_linux, 7\-Mode_transition_tool, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Cloud_secure_agent, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_storage_plugin, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Jdk, Jre, Openjdk | 5.3 | ||
2021-10-20 | CVE-2021-35550 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete... | Debian_linux, Fedora, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Openjdk | 5.9 | ||
2021-10-20 | CVE-2021-35556 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a... | Debian_linux, Fedora, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Openjdk | 5.3 | ||
2021-10-20 | CVE-2021-35560 | Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically... | E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Santricity_unified_manager, Openjdk | 7.5 |