Latest NetApp HCI Storage Node Vulnerabilities

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content ...
redhat/python-lxml<4.6.5
redhat/python-lxml<0:4.2.3-4.el8
redhat/python-lxml<0:4.7.1-1.el8
redhat/rh-python38-python-lxml<0:4.4.1-8.el7
debian/lxml
Lxml Lxml<4.6.5
and 15 more
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is bein...
Linux Linux kernel<5.13.4
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
Netapp Hci Management Node
Netapp Solidfire
Netapp Element Software
and 72 more
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arrang...
Linux Linux kernel<5.13.4
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
Netapp Hci Management Node
Netapp Solidfire
Netapp Element Software
and 125 more
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of fre...
Linux Linux kernel<5.13.4
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
Netapp Hci Management Node
Netapp Solidfire
Netapp Element Software
and 72 more
** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer s...
Linux Linux kernel<5.13.4
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
Netapp Hci Management Node
Netapp Solidfire
Netapp Element Software
and 130 more
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
redhat/kernel-rt<0:4.18.0-305.17.1.rt7.89.el8_4
redhat/kernel<0:4.18.0-305.17.1.el8_4
Linux Linux kernel<5.13.4
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
Netapp Hci Management Node
and 91 more
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact...
debian/openjdk-11
debian/openjdk-17
debian/openjdk-8
IBM Sterling Secure Proxy<=6.0.3
Oracle JDK=1.7.0-update291
Oracle JDK=1.8.0-update281
and 131 more
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact...
IBM DRM<=2.0.6
Oracle JDK=1.7.0-update291
Oracle JDK=1.8.0-update281
Oracle JDK=11.0.10
Oracle JDK=16.0.0
Oracle JRE=1.8.0-update281
and 140 more
curl 7.63.0 up to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3...
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 28 more
cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the failure to strip off user credentials from the URL when automatically populating the Referer: HTTP request hea...
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 34 more
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an a...
Openbsd Openssh>=8.2<8.5
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Netapp Cloud Backup
Netapp Hci Management Node
Netapp Solidfire
and 6 more
Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution.
Netapp Hci Management Node
Netapp Solidfire
Netapp Hci Storage Node
Netapp Element Os<1.8
Netapp Element Os>=12.0<=12.2
Netapp Element Os=1.8
curl. This issue was addressed with improved checks.
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 67 more
A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl, to crash res...
redhat/jbcs-httpd24-brotli<0:1.0.6-40.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-66.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-35.jbcs.el7
redhat/jbcs-httpd24-openssl<1:1.1.1g-3.jbcs.el7
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-3.jbcs.el7
redhat/jbcs-httpd24-openssl-pkcs11<0:0.4.10-18.jbcs.el7
and 95 more
curl. A buffer overflow was addressed with improved input validation.
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 105 more
curl. This issue was addressed with improved checks.
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 113 more
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations ...
Linux Linux kernel>=4.20<5.4.54
Linux Linux kernel>=5.5<5.7.11
Netapp Hci Management Node
Netapp Solidfire
Netapp Hci Compute Node
Netapp Hci Storage Node
and 83 more
A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.
Intel Microcode
Intel Core I3-1000g1
Intel Core I3-1000g4
Intel Core I3-1005g1
Intel Core I3-1110g4
Intel Core I3-1115g4
and 43 more
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Intel Microcode
Intel Celeron 3855u
Intel Celeron 3865u
Intel Celeron 3955u
Intel Celeron 3965u
Intel Celeron 3965y
and 496 more
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
debian/openjdk-11
debian/openjdk-8
IBM Cloud Pak for Automation<=20.0.3-IF002
IBM Cloud Pak for Automation<=21.0.1
Oracle JDK=1.7.0-update271
Oracle JDK=1.8.0-update261
and 21 more
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unkno...
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
redhat/java<11-openjdk-1:11.0.9.11-0.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.4.75-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.9.11-0.el8_2
and 33 more
An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
redhat/java<11-openjdk-1:11.0.9.11-0.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.6.25-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.4.80-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.9.11-0.el8_2
and 38 more
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
redhat/java<11-openjdk-1:11.0.9.11-0.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.4.75-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.9.11-0.el8_2
and 33 more
An unspecified vulnerability in Java SE related to the Hotspot component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
redhat/java<11-openjdk-1:11.0.9.11-0.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
redhat/java<11-openjdk-1:11.0.9.11-0.el8_2
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2
redhat/java<11-openjdk-1:11.0.9.11-0.el8_0
and 39 more
An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown at...
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
redhat/java<11-openjdk-1:11.0.9.11-0.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
redhat/java<1.7.1-ibm-1:1.7.1.4.75-1jpp.1.el7
redhat/java<1.8.0-ibm-1:1.8.0.6.25-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.9.11-0.el8_2
and 30 more
An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown...
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
redhat/java<11-openjdk-1:11.0.9.11-0.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.4.75-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.9.11-0.el8_2
and 34 more
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has...
IBM Security Guardium Insights<=2.0.2
Openbsd Openssh<8.3
Openbsd Openssh=8.3
Openbsd Openssh=8.3-p1
Netapp A700s Firmware
Netapp A700s
and 9 more
OpenSSH is vulnerable to a man-in-the-middle attack, caused by an observable discrepancy flaw. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the ...
IBM Security Guardium Insights<=2.0.2
Openbsd Openssh>=5.7<8.4
Openbsd Openssh=8.4
Openbsd Openssh=8.5
Openbsd Openssh=8.6
Netapp Aff A700s Firmware
and 8 more
Python is vulnerable to CRLF injection, caused by improper validation of user-supplied input in http.client. By inserting CR and LF control characters in the first argument of HTTPConnection.request, ...
redhat/python<0:2.7.5-92.el7_9
redhat/python3<0:3.6.8-37.el8
redhat/python3<0:3.6.8-24.el8_2
redhat/rh-python36-python<0:3.6.12-1.el6
redhat/rh-python36-python-pip<0:9.0.1-5.el6
redhat/rh-python36-python-virtualenv<0:15.1.0-3.el6
and 37 more
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
ubuntu/linux<4.15.0-109.110
ubuntu/linux<5.4.0-42.46
ubuntu/linux<5.8~
ubuntu/linux-aws<4.15.0-1077.81
ubuntu/linux-aws<5.4.0-1020.20
ubuntu/linux-aws<5.8~
and 86 more
Mozilla Network Security Services (NSS), as used in Mozilla Firefox, is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when using certain cryptographic primitives. By se...
redhat/nspr<0:4.25.0-2.el7_9
redhat/nss<0:3.53.1-3.el7_9
redhat/nss-softokn<0:3.53.1-6.el7_9
redhat/nss-util<0:3.53.1-1.el7_9
redhat/nss-softokn<0:3.28.3-10.el7_4
redhat/nss<0:3.36.0-9.el7_6
and 34 more
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypt...
ubuntu/linux<5.3.0-40.32
ubuntu/linux<5.5~
ubuntu/linux-aws<5.3.0-1011.12
ubuntu/linux-aws<5.5~
ubuntu/linux-aws-5.0<5.0.0-1024.27~18.04.1
ubuntu/linux-aws-5.0<5.5~
and 79 more
A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_g...
ubuntu/linux<5.3.0-24.26
ubuntu/linux<5.4~
ubuntu/linux-aws<5.3.0-1008.9
ubuntu/linux-aws<5.4~
ubuntu/linux-aws-5.0<5.4~
ubuntu/linux-aws-hwe<5.4~
and 65 more
NTP is vulnerable to a denial of service, caused by a flaw in ntpd. By sending a server mode packet with a spoofed source IP address, a remote attacker could exploit this vulnerability to block unauth...
IBM ISAM<=9.0.7
IBM Security Verify Access<=10.0.0
redhat/ntp<4.2.8
redhat/ntp<4.3.100
NTP ntp<=4.2.7
NTP ntp>=4.3.98<4.3.100
and 52 more
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
debian/linux<=4.9.168-2<=4.19.28-2<=3.16.64-2<=4.9.168-1
ubuntu/linux<4.15.0-55.60
ubuntu/linux<5.0.0-16.17
ubuntu/linux<5.1~
ubuntu/linux<4.4.0-150.176
ubuntu/linux-aws<4.15.0-1047.49
and 93 more
A flaw was reported in the kernel TCP subsystem while calculating a packet round trip time when a sysctl parameter (/proc/sys/net/ipv4/tcp_min_rtt_wlen) is set wrongly. This causes an integer over f...
redhat/kernel-alt<0:4.14.0-115.18.1.el7a
redhat/kernel-rt<0:4.18.0-193.rt13.51.el8
redhat/kernel<0:4.18.0-193.el8
Linux Linux kernel>=4.4<4.4.180
Linux Linux kernel>=4.9<4.9.172
Linux Linux kernel>=4.14<4.14.115
and 31 more
Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length header. By sending a specially-crafted request, an attacker could exploit this vulne...
debian/jetty9
IBM Cognos Command Center<=10.2.4.1
redhat/jetty<9.2.25.
redhat/jetty<9.3.24.
redhat/jetty<9.4.11.
Eclipse Jetty<=9.2.26
and 28 more
