Latest netapp cloud backup Vulnerabilities

Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.
Jquery Jquery>=2.2.0<3.5.0
maven/org.webjars.npm:jquery>=1.0.3<3.5.0
npm/jquery>=1.0.3<3.5.0
rubygems/jquery-rails<4.4.0
nuget/jQuery>=1.0.3<3.5.0
Netapp Active Iq Unified Manager Linux
and 4 more
Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access.
Intel Active Management Technology Firmware<15.0.35
Netapp Cloud Backup
Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.
Netapp Cloud Backup
Netapp Fas/aff Bios
Intel Xeon Bronze 3206r Firmware
Intel Xeon Bronze 3206r
Intel Xeon Gold 5218r Firmware
Intel Xeon Gold 5218r
and 1354 more
Buffer overflow in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
Intel Atom C3308
Intel Atom C3336
Intel Atom C3338
Intel Atom C3338r
Intel Atom C3436l
Intel Atom C3508
and 675 more
Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.
Netapp Cloud Backup
Netapp Fas/aff Bios
Intel Xeon Bronze 3206r Firmware
Intel Xeon Bronze 3206r
Intel Xeon Gold 5218r Firmware
Intel Xeon Gold 5218r
and 1352 more
Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.
Netapp Cloud Backup
Netapp Fas/aff Bios
Intel Xeon Bronze 3206r Firmware
Intel Xeon Bronze 3206r
Intel Xeon Gold 5218r Firmware
Intel Xeon Gold 5218r
and 1354 more
Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.
Netapp Cloud Backup
Netapp Fas/aff Bios
Intel Xeon Bronze 3206r Firmware
Intel Xeon Bronze 3206r
Intel Xeon Gold 5218r Firmware
Intel Xeon Gold 5218r
and 1354 more
Pointer issues in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
Netapp Cloud Backup
Netapp Fas/aff Bios
Intel Xeon Bronze 3206r Firmware
Intel Xeon Bronze 3206r
Intel Xeon Gold 5218r Firmware
Intel Xeon Gold 5218r
and 1354 more
Out-of-bounds read in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
Netapp Cloud Backup
Netapp Fas/aff Bios
Intel Xeon Bronze 3206r Firmware
Intel Xeon Bronze 3206r
Intel Xeon Gold 5218r Firmware
Intel Xeon Gold 5218r
and 1354 more
Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
Intel Atom C3308
Intel Atom C3336
Intel Atom C3338
Intel Atom C3338r
Intel Atom C3436l
Intel Atom C3508
and 675 more
Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.
Intel Atom C3308
Intel Atom C3336
Intel Atom C3338
Intel Atom C3338r
Intel Atom C3436l
Intel Atom C3508
and 675 more
Insufficient control flow management in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
Intel Atom C3308
Intel Atom C3336
Intel Atom C3338
Intel Atom C3338r
Intel Atom C3436l
Intel Atom C3508
and 675 more
NULL pointer dereference in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
Intel Atom C3308
Intel Atom C3336
Intel Atom C3338
Intel Atom C3338r
Intel Atom C3436l
Intel Atom C3508
and 675 more
Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.
Intel Atom C3308
Intel Atom C3336
Intel Atom C3338
Intel Atom C3338r
Intel Atom C3436l
Intel Atom C3508
and 675 more
Improper access control in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable an escalation of privilege via local access.
Intel Atom C3308
Intel Atom C3336
Intel Atom C3338
Intel Atom C3338r
Intel Atom C3436l
Intel Atom C3508
and 675 more
Insufficient control flow management in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.
Intel Atom C3308
Intel Atom C3336
Intel Atom C3338
Intel Atom C3338r
Intel Atom C3436l
Intel Atom C3508
and 675 more
Insufficient compartmentalization in HECI subsystem for the Intel(R) SPS before versions SPS_E5_04.01.04.516.0, SPS_E5_04.04.04.033.0, SPS_E5_04.04.03.281.0, SPS_E5_03.01.03.116.0, SPS_E3_05.01.04.309...
Intel C620a Series Firmware<sps_e5_04.04.03.281.0
Intel C621a
Intel C627a
Intel C629a
Intel C620 Series Firmware<sps_e5_04.01.04.516.0
Intel C621
and 184 more
apache. Multiple issues were addressed by updating apache to version 2.4.53.
Apple Catalina
Apple macOS Big Sur<11.6.6
<12.4
Apache HTTP server<=2.4.51
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 40 more
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (f...
rust/openssl-src>=300.0.0<300.0.4
OpenSSL OpenSSL<1.0.2
OpenSSL OpenSSL=1.1.0
OpenSSL OpenSSL=3.0.0
Netapp Cloud Backup
Netapp E-series Performance Analyzer
and 27 more
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instruct...
Linux Linux kernel<4.17
Netapp Cloud Backup
Netapp H410c Firmware
Netapp H410c
Netapp H300s Firmware
Netapp H300s
and 12 more
A flaw was found in the way NSS verifies certificates. That will happen both when client reads the Certificate message from the server or when server is configured to ask for client certificates and t...
redhat/nss<0:3.44.0-12.el6_10
redhat/nss<0:3.67.0-4.el7_9
redhat/nss<0:3.28.4-2.el7_3
redhat/nss<0:3.28.4-18.el7_4
redhat/nss<0:3.36.0-10.2.el7_6
redhat/nss<0:3.44.0-8.el7_7
and 22 more
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-o...
Linux Linux kernel<=5.15.2
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Netapp Cloud Backup
and 144 more
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
Busybox Busybox=1.33.0
Busybox Busybox=1.33.1
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Netapp Cloud Backup
Netapp Hci Management Node
and 15 more
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string...
Busybox Busybox=1.33.0
Busybox Busybox=1.33.1
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Netapp Cloud Backup
Netapp Hci Management Node
and 15 more
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved chara...
Busybox Busybox=1.33.1
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Netapp Cloud Backup
Netapp Hci Management Node
Netapp Solidfire
and 14 more
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for...
Busybox Busybox>=1.16.0<1.34.0
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Netapp Cloud Backup
Netapp Hci Management Node
Netapp Solidfire
and 14 more
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format tha...
debian/busybox
ubuntu/busybox<1:1.27.2-2ubuntu3.4
ubuntu/busybox<1:1.30.1-4ubuntu6.4
ubuntu/busybox<1:1.30.1-6ubuntu2.1
ubuntu/busybox<1:1.30.1-6ubuntu3.1
ubuntu/busybox<1:1.30.1-7ubuntu2
and 35 more
Insufficient data validation in waitid allowed a user to escape sandboxes on Linux.
Linux Linux kernel>=4.13<4.13.7
Netapp Cloud Backup
Netapp H300s Firmware
Netapp H300s
Netapp H500s Firmware
Netapp H500s
and 10 more
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_pani...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<=5.15.2
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
and 159 more
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIN...
debian/bind9
ISC BIND>=9.3.0<9.11.36
ISC BIND>=9.12.0<9.16.22
ISC BIND>=9.17.0<9.17.19
ISC BIND=9.9.3-s1
ISC BIND=9.9.12-s1
and 46 more
Apache HTTP Server Path Traversal Vulnerability
Apache HTTP server=2.4.49
Apache HTTP server=2.4.50
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Oracle Instantis Enterprisetrack=17.1
Oracle Instantis Enterprisetrack=17.2
and 5 more
Apache HTTP Server Path Traversal Vulnerability
PHPUnit unit testing framework
Apache HTTP server
Laravel web application framework
Apache HTTP server=2.4.49
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 4 more
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. ...
redhat/httpd<2.4.50
redhat/jbcs-httpd24-httpd<0:2.4.51-28.el8
redhat/jbcs-httpd24-httpd<0:2.4.51-28.el7
Apache HTTP server=2.4.49
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 4 more
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds writ...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<5.14.12
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 168 more
curl. Multiple issues were addressed by updating to curl version 7.79.1.
debian/curl
Apple macOS Monterey<12.3
Haxx Libcurl>=7.73.0<=7.78.0
Fedoraproject Fedora=33
Fedoraproject Fedora=35
Netapp Cloud Backup
and 41 more
arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel con...
debian/linux
Linux Linux kernel>=3.16<4.14.251
Linux Linux kernel>=4.15<4.19.211
Linux Linux kernel>=4.20<5.4.153
Linux Linux kernel>=5.5<5.10.71
Linux Linux kernel>=5.11<5.14.10
and 19 more
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by ...
Linux Linux kernel>=5.10<5.10.68
Linux Linux kernel>=5.11<5.14.7
Debian Debian Linux=10.0
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Netapp Cloud Backup
and 115 more
Apache HTTP Server-Side Request Forgery (SSRF)
Apache HTTP server<=2.4.48
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 27 more
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
redhat/httpd<2.4.49
redhat/jbcs-httpd24-httpd<0:2.4.51-28.el8
redhat/jbcs-httpd24-httpd<0:2.4.51-28.el7
redhat/httpd24-httpd<0:2.4.34-23.el7.5
debian/apache2
debian/uwsgi<=2.0.18-1<=2.0.19.1-7.1<=2.0.21-5.1<=2.0.22-4
and 20 more
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affec...
Apache HTTP server<=2.4.48
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
and 16 more
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
redhat/jbcs-httpd24-apr<0:1.6.3-107.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-84.el8
redhat/jbcs-httpd24-curl<0:7.78.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-78.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-39.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-8.el8
and 38 more
curl. Multiple issues were addressed by updating to curl version 7.79.1.
redhat/rh-dotnet31-curl<0:7.61.1-22.el7_9
redhat/curl<0:7.61.1-18.el8_4.2
redhat/curl<0:7.61.1-12.el8_2.4
debian/curl<=7.64.0-4+deb10u2
Apple macOS Monterey<12.3
redhat/curl<7.79.0
and 62 more
curl. Multiple issues were addressed by updating to curl version 7.79.1.
redhat/rh-dotnet31-curl<0:7.61.1-22.el7_9
redhat/curl<0:7.61.1-18.el8_4.2
redhat/curl<0:7.61.1-12.el8_2.4
debian/curl<=7.64.0-4+deb10u2
Apple macOS Monterey<12.3
IBM QRadar SIEM<=7.5.0 GA
and 68 more
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Wh...
Openidc Mod Auth Openidc<2.4.9
Apache HTTP server>=2.0.0<=2.4.48
Netapp Cloud Backup
Debian Debian Linux=10.0
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take ...
redhat/rh-dotnet31-curl<0:7.61.1-22.el7_9
redhat/curl<0:7.61.1-18.el8_4.1
debian/curl<=7.64.0-4+deb10u2
redhat/curl<7.78.0
Haxx Libcurl>=7.10.4<7.77.0
Fedoraproject Fedora=33
and 98 more
A flaw was found in curl in the way curl handles credentials when downloading content using the Metalink feature. This flaw allows malicious actors controlling a hosting server to gain access to crede...
redhat/curl<0:7.61.1-18.el8_4.1
redhat/curl<0:7.61.1-12.el8_2.3
redhat/curl<7.78.0
Haxx Curl>=7.27.0<7.78.0
Fedoraproject Fedora=33
Netapp Cloud Backup
and 37 more
A flaw was found in curl in the way curl handles a file hash mismatch after downloading content using the Metalink feature. This flaw allows malicious actors controlling a hosting server to trick user...
redhat/curl<0:7.61.1-18.el8_4.1
redhat/curl<0:7.61.1-12.el8_2.3
redhat/curl<7.78.0
Haxx Curl>=7.27.0<7.78.0
Fedoraproject Fedora=33
Netapp Cloud Backup
and 37 more
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other sessi...
Libssh Libssh>=0.9.1<0.9.6
Redhat Virtualization=4.0
Redhat Enterprise Linux=8.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=33
and 6 more
Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with qu...
ubuntu/linux-hwe<5.13~
ubuntu/linux-aws-5.0<5.13~
ubuntu/linux-aws-hwe<5.13~
ubuntu/linux<5.11.0-31.33
ubuntu/linux<5.13~
ubuntu/linux-aws<5.11.0-1016.17
and 113 more
The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.
Linux Linux kernel<5.8.10
Netapp Cloud Backup
Netapp H410c Firmware
Netapp H410c
Netapp H300s Firmware
Netapp H300s
and 12 more

© 2024 SecAlerts Pty Ltd.