Latest netapp cloud volumes ontap mediator Vulnerabilities

● CVE-2022-1678

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.

Linux Linux kernel>=4.18<=4.19

Netapp Active Iq Unified Manager Vmware Vsphere

Netapp Cloud Volumes Ontap Mediator

NetApp E-Series SANtricity OS Controller>=11.0<=11.70.2

Netapp Element Software

Netapp Hci Management Node

and 20 more

● CVE-2022-0778

A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of t...

redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8

redhat/jbcs-httpd24-curl<0:7.78.0-3.el8

redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8

redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8

redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8

redhat/jbcs-httpd24-openssl-chil<0:1.0.0-11.el8

and 84 more

● CVE-2020-36516

A TCP/IP packet spoofing attack flaw was found in the Linux kernel’s TCP/IP protocol, where a Man-in-the-Middle Attack (MITM) performs an IP fragmentation attack and an IPID collision. This flaw allow...

redhat/kernel-rt<0:4.18.0-425.3.1.rt7.213.el8

redhat/kernel<0:4.18.0-425.3.1.el8

redhat/kernel<0:5.14.0-162.6.1.el9_1

redhat/kernel-rt<0:5.14.0-162.6.1.rt21.168.el9_1

ubuntu/linux<4.15.0-176.185

ubuntu/linux<5.4.0-109.123

and 204 more

● CVE-2021-3450

OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the validation logic of X.509 certificate chains by the X509_V_FLAG_X509_STRICT flag. By using any v...

rust/openssl-src>=111.11.0<111.15.0

IBM Security Verify Access<=10.0.0

OpenSSL OpenSSL>=1.1.1h<1.1.1k

FreeBSD FreeBSD=12.2

FreeBSD FreeBSD=12.2-p1

FreeBSD FreeBSD=12.2-p2

and 52 more

● CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it...

rust/openssl-src<111.15.0

debian/openssl

IBM Cognos Analytics<=12.0.0-12.0.1

IBM Cognos Analytics<=11.2.0-11.2.4 FP2

IBM Cognos Analytics<=11.1.1-11.1.7 FP7

OpenSSL OpenSSL>=1.1.1<1.1.1k

and 202 more

● CVE-2020-16166

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is relate...

redhat/kernel-alt<0:4.14.0-115.32.1.el7a

redhat/kernel-rt<0:4.18.0-240.8.1.rt7.62.el8_3

redhat/kernel<0:4.18.0-240.8.1.el8_3

redhat/kernel<0:4.18.0-147.38.1.el8_1

redhat/kernel-rt<0:4.18.0-193.37.1.rt13.87.el8_2

redhat/kernel<0:4.18.0-193.37.1.el8_2

and 122 more

● CVE-2019-20907

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

redhat/python<0:2.7.5-90.el7

redhat/python3<0:3.6.8-18.el7

redhat/python<0:2.7.5-64.el7_4

redhat/python<0:2.7.5-84.el7_6

redhat/python<0:2.7.5-88.el7_7

redhat/python3<0:3.6.8-31.el8

and 42 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.