Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Solidfire
(Netapp)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/opencontainers/runc • https://github.com/madler/zlib • https://github.com/openbsd/src |
| #Vulnerabilities | 191 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-24 | CVE-2020-15778 | scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows." | Fabric_operating_system, A700s_firmware, Active_iq_unified_manager, Hci_compute_node, Hci_management_node, Hci_storage_node, Solidfire, Steelstore_cloud_integrated_storage, Openssh | 7.8 | ||
| 2020-07-30 | CVE-2020-16166 | The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, E\-Series_santricity_os_controller, H410c_firmware, Hci_bootstrap_os, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage, Storagegrid, Leap, Sd\-Wan_edge | 3.7 | ||
| 2020-08-19 | CVE-2020-14356 | A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. | Ubuntu_linux, Debian_linux, Linux_kernel, Active_iq_unified_manager, Cloud_backup, Hci_management_node, Solidfire, Solidfire_baseboard_management_controller_firmware, Leap, Enterprise_linux | 7.8 | ||
| 2020-08-20 | CVE-2020-15862 | Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. | Ubuntu_linux, Net\-Snmp, Cloud_backup, Hci_management_node, Smi\-S_provider, Solidfire | 7.8 | ||
| 2020-09-27 | CVE-2020-26116 | http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | Ubuntu_linux, Debian_linux, Fedora, Hci_compute_node, Hci_storage_node, Solidfire, Leap, Zfs_storage_appliance_kit, Python | 7.2 | ||
| 2020-10-21 | CVE-2020-14781 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note:... | Debian_linux, 7\-Mode_transition_tool, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Hci_management_node, Hci_storage_node, Oncommand_insight, Santricity_cloud_connector, Santricity_unified_manager, Snapmanager, Solidfire, Leap, Jdk, Jre | N/A | ||
| 2020-10-21 | CVE-2020-14779 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE,... | Debian_linux, Fedora, 7\-Mode_transition_tool, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Hci_storage_node, Oncommand_insight, Oncommand_unified_manager_core_package, Santricity_cloud_connector, Santricity_unified_manager, Snapmanager, Solidfire, Leap, Jdk, Jre | N/A | ||
| 2020-10-21 | CVE-2020-14792 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in... | Debian_linux, Epolicy_orchestrator, 7\-Mode_transition_tool, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Hci_management_node, Hci_storage_node, Oncommand_insight, Oncommand_unified_manager, Santricity_cloud_connector, Santricity_unified_manager, Snapmanager, Solidfire, Leap, Jdk, Jre | N/A | ||
| 2020-10-21 | CVE-2020-14796 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in... | Debian_linux, 7\-Mode_transition_tool, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Hci_management_node, Hci_storage_node, Oncommand_insight, Oncommand_unified_manager, Santricity_cloud_connector, Santricity_unified_manager, Snapmanager, Solidfire, Leap, Jdk, Jre | N/A | ||
| 2020-10-21 | CVE-2020-14797 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded... | Debian_linux, 7\-Mode_transition_tool, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Hci_management_node, Hci_storage_node, Oncommand_insight, Oncommand_unified_manager, Santricity_cloud_connector, Santricity_unified_manager, Snapmanager, Solidfire, Leap, Jdk, Jre | N/A |