Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Solidfire
(Netapp)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/opencontainers/runc • https://github.com/madler/zlib • https://github.com/openbsd/src |
| #Vulnerabilities | 191 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-07-07 | CVE-2021-22555 | A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space | Fabric_operating_system, Linux_kernel, Aff_500f_firmware, Aff_a250_firmware, Aff_a400_firmware, Fas_8300_firmware, Fas_8700_firmware, H610c_firmware, H610s_firmware, H615c_firmware, Hci_management_node, Solidfire | 7.8 | ||
| 2021-07-15 | CVE-2021-34429 | For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. | Jetty, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Element_plug\-In_for_vcenter_server, Hci_management_node, Snap_creator_framework, Snapcenter_plug\-In, Solidfire, Autovue_for_agile_product_lifecycle_management, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_signaling_router, Financial_services_crime_and_compliance_management_studio, Rest_data_services, Retail_eftlink, Stream_analytics | 5.3 | ||
| 2021-07-20 | CVE-2021-33909 | fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. | Debian_linux, Fedora, Linux_kernel, Hci_management_node, Solidfire, Communications_session_border_controller, Sma1000_firmware | 7.8 | ||
| 2021-07-20 | CVE-2021-33910 | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | Debian_linux, Fedora, Hci_management_node, Solidfire, Systemd | 5.5 | ||
| 2021-07-22 | CVE-2021-35942 | The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. | Debian_linux, Glibc, Active_iq_unified_manager, E\-Series_santricity_os_controller, Hci_management_node, Ontap_select_deploy_administration_utility, Solidfire | 9.1 | ||
| 2021-08-05 | CVE-2021-22922 | When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that... | Fedora, Curl, Cloud_backup, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Mysql_server, Sinec_infrastructure_network_services, Universal_forwarder | 6.5 | ||
| 2021-08-05 | CVE-2021-22923 | When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened. | Fedora, Curl, Cloud_backup, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Mysql_server, Sinec_infrastructure_network_services, Universal_forwarder | 5.3 | ||
| 2021-08-05 | CVE-2021-22925 | curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use... | Mac_os_x, Macos, Fedora, Curl, Cloud_backup, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Mysql_server, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services, Sinema_remote_connect_server, Universal_forwarder | 5.3 | ||
| 2021-08-05 | CVE-2021-22926 | libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable... | Curl, Active_iq_unified_manager, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Solidfire, Mysql_server, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services, Universal_forwarder | 7.5 | ||
| 2021-08-07 | CVE-2021-38160 | In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior | Debian_linux, Linux_kernel, Element_software, Hci_bootstrap_os, Hci_management_node, Solidfire, Enterprise_linux | 7.8 |