Product:

Solidfire_\&_hci_management_node

(Netapp)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 95
Date Id Summary Products Score Patch Annotated
2020-12-15 CVE-2020-29569 An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a... Debian_linux, Linux_kernel, Hci_compute_node_bios, Solidfire_\&_hci_management_node, Solidfire_\&_hci_storage_node, Xen 8.8
2021-01-04 CVE-2020-35493 A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. Brocade_fabric_operating_system_firmware, Fedora, Binutils, Cloud_backup, Hci_compute_node_firmware, Ontap_select_deploy_administration_utility, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node 5.5
2021-01-04 CVE-2020-35494 There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. Brocade_fabric_operating_system_firmware, Fedora, Binutils, Cloud_backup, Hci_compute_node_firmware, Ontap_select_deploy_administration_utility, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node 6.1
2021-01-04 CVE-2020-35495 There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. Brocade_fabric_operating_system_firmware, Fedora, Binutils, Cloud_backup, Hci_compute_node_firmware, Ontap_select_deploy_administration_utility, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node 5.5
2021-01-04 CVE-2020-35496 There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. Brocade_fabric_operating_system_firmware, Fedora, Binutils, Cloud_backup, Hci_compute_node_firmware, Ontap_select_deploy_administration_utility, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node 5.5
2021-01-04 CVE-2020-35507 There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. Brocade_fabric_operating_system, Binutils, Cloud_backup, Hci_compute_node_firmware, Ontap_select_deploy_administration_utility, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Enterprise_linux 5.5
2021-02-05 CVE-2021-26708 A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. Linux_kernel, Aff_baseboard_management_controller, Baseboard_management_controller_500f_firmware, Baseboard_management_controller_a250_firmware, Cloud_backup, Fas_baseboard_management_controller, Hci_h410c_firmware, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller 7.0
2021-02-17 CVE-2021-26932 An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors... Debian_linux, Fedora, Linux_kernel, Cloud_backup, Hci_compute_node, Hci_h410c_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node 5.5
2021-03-15 CVE-2021-26987 Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework. Element_plug\-In_for_vcenter_server, Management_services_for_element_software_and_netapp_hci, Solidfire_\&_hci_management_node, Spring_boot 9.8
2021-03-26 CVE-2021-20197 There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. Brocade_fabric_operating_system_firmware, Binutils, Cloud_backup, Ontap_select_deploy_administration_utility, Solidfire_\&_hci_management_node, Enterprise_linux 6.3