Note:
This project will be discontinued after December 13, 2021. [more]
Product:
E\-Series_santricity_os_controller
(Netapp)| Repositories |
• https://github.com/Perl/perl5
• https://github.com/mm2/Little-CMS • https://github.com/madler/zlib |
| #Vulnerabilities | 240 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-07-15 | CVE-2021-34429 | For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. | Jetty, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Element_plug\-In_for_vcenter_server, Hci_management_node, Snap_creator_framework, Snapcenter_plug\-In, Solidfire, Autovue_for_agile_product_lifecycle_management, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_signaling_router, Financial_services_crime_and_compliance_management_studio, Rest_data_services, Retail_eftlink, Stream_analytics | 5.3 | ||
| 2021-07-22 | CVE-2021-35942 | The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. | Debian_linux, Glibc, Active_iq_unified_manager, E\-Series_santricity_os_controller, Hci_management_node, Ontap_select_deploy_administration_utility, Solidfire | 9.1 | ||
| 2021-10-20 | CVE-2021-35561 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a... | Debian_linux, Fedora, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Openjdk | 5.3 | ||
| 2021-10-20 | CVE-2021-35567 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the... | Debian_linux, Fedora, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Openjdk | 6.8 | ||
| 2022-03-25 | CVE-2018-25032 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | Mac_os_x, Macos, Zulu, Debian_linux, Fedora, Gotoassist, Mariadb, Active_iq_unified_manager, E\-Series_santricity_os_controller, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_compute_node, Management_services_for_element_software, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Python, Scalance_sc622\-2c_firmware, Scalance_sc626\-2c_firmware, Scalance_sc632\-2c_firmware, Scalance_sc636\-2c_firmware, Scalance_sc642\-2c_firmware, Scalance_sc646\-2c_firmware, Zlib | 7.5 | ||
| 2022-03-25 | CVE-2021-4203 | A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. | Linux_kernel, A700s_firmware, Active_iq_unified_manager, Bootstrap_os, E\-Series_santricity_os_controller, Element_software, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_management_node, Solidfire, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy | 6.8 | ||
| 2022-05-25 | CVE-2022-1678 | An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. | Linux_kernel, Active_iq_unified_manager, Bootstrap_os, Cloud_volumes_ontap_mediator, E\-Series_santricity_os_controller, Element_software, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Storagegrid | 7.5 | ||
| 2018-01-22 | CVE-2018-5968 | FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. | Debian_linux, Jackson\-Databind, E\-Series_santricity_os_controller, E\-Series_santricity_web_services_proxy, Oncommand_shift, Jboss_enterprise_application_platform, Openshift_container_platform, Virtualization, Virtualization_host | 8.1 | ||
| 2018-01-10 | CVE-2017-17485 | FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. | Debian_linux, Jackson\-Databind, E\-Series_santricity_os_controller, E\-Series_santricity_web_services_proxy, Oncommand_shift, Snapcenter, Jboss_enterprise_application_platform, Openshift_container_platform | 9.8 | ||
| 2022-04-19 | CVE-2022-21426 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result... | Zulu, Debian_linux, 7\-Mode_transition_tool, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Cloud_secure_agent, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_compute_node_firmware, Oncommand_insight, Santricity_unified_manager, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Graalvm, Jdk, Jre | 5.3 |