Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hci_management_node
(Netapp)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/opencontainers/runc • https://github.com/openbsd/src |
| #Vulnerabilities | 182 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-08-05 | CVE-2021-22925 | curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use... | Mac_os_x, Macos, Fedora, Curl, Cloud_backup, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Mysql_server, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services, Sinema_remote_connect_server, Universal_forwarder | 5.3 | ||
| 2021-08-05 | CVE-2021-22926 | libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable... | Curl, Active_iq_unified_manager, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Solidfire, Mysql_server, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services, Universal_forwarder | 7.5 | ||
| 2022-07-07 | CVE-2022-32205 | A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are... | Macos, Debian_linux, Fedora, Curl, Clustered_data_ontap, Element_software, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_management_node, Solidfire, Scalance_sc622\-2c_firmware, Scalance_sc626\-2c_firmware, Scalance_sc632\-2c_firmware, Scalance_sc636\-2c_firmware, Scalance_sc642\-2c_firmware, Scalance_sc646\-2c_firmware, Universal_forwarder | 4.3 | ||
| 2022-07-07 | CVE-2022-32206 | curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand... | Debian_linux, Fedora, Curl, Bootstrap_os, Clustered_data_ontap, Element_software, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_management_node, Solidfire, Scalance_sc622\-2c_firmware, Scalance_sc626\-2c_firmware, Scalance_sc632\-2c_firmware, Scalance_sc636\-2c_firmware, Scalance_sc642\-2c_firmware, Scalance_sc646\-2c_firmware, Universal_forwarder | 6.5 | ||
| 2022-07-07 | CVE-2022-32207 | When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | Macos, Debian_linux, Fedora, Curl, Bootstrap_os, Clustered_data_ontap, Element_software, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_management_node, Solidfire, Universal_forwarder | 9.8 | ||
| 2022-07-07 | CVE-2022-32208 | When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. | Macos, Debian_linux, Fedora, Curl, Bootstrap_os, Clustered_data_ontap, Element_software, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_management_node, Solidfire, Universal_forwarder | 5.9 | ||
| 2022-09-23 | CVE-2022-35252 | When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. | Macos, Debian_linux, Curl, Bootstrap_os, Clustered_data_ontap, Element_software, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_management_node, Solidfire, Universal_forwarder | 3.7 | ||
| 2021-04-08 | CVE-2021-29154 | BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. | Debian_linux, Fedora, Linux_kernel, Cloud_backup, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire | 7.8 | ||
| 2022-04-19 | CVE-2022-21476 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can... | Zulu, Debian_linux, Active_iq_unified_manager, Bootstrap_os, Cloud_insights_acquisition_unit, Cloud_secure_agent, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Element_software, Hci_management_node, Oncommand_insight, Santricity_unified_manager, Solidfire, Graalvm, Jdk, Openjdk | 7.5 | ||
| 2019-09-19 | CVE-2019-14821 | An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of... | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Aff_a700s_firmware, Data_availability_services, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Leap, Sd\-Wan_edge, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization_host | 8.8 |