Latest NetApp HCI Bootstrap OS Vulnerabilities

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
Openbsd Openssh>=8.9<9.3
Netapp Brocade Fabric Operating System
Netapp Hci Bootstrap Os
Netapp Solidfire Element Os
ubuntu/openssh<1:8.9
ubuntu/openssh<1:9.0
and 2 more
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
Linux Linux kernel<=5.18.14
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Netapp A700s Firmware
Netapp A700s
Apple iPadOS
and 216 more
Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host...
Haxx Curl>=7.82.0<7.83.1
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
NetApp Clustered Data ONTAP
Netapp Solidfire, Enterprise Sds & Hci Storage Node
Netapp Solidfire & Hci Management Node
and 21 more
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to receive and send cookies. curl's "cookie engine" can be built w...
Haxx Curl>=7.82.0<7.83.1
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
NetApp Clustered Data ONTAP
Netapp Solidfire, Enterprise Sds & Hci Storage Node
Netapp Solidfire & Hci Management Node
and 22 more
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved. Fo...
Haxx Curl>=7.80.0<7.83.1
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
NetApp Clustered Data ONTAP
Netapp Solidfire, Enterprise Sds & Hci Storage Node
Netapp Solidfire & Hci Management Node
and 21 more
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make lib...
redhat/jbcs-httpd24-curl<0:7.86.0-2.el8
redhat/jbcs-httpd24-curl<0:7.86.0-2.el7
debian/curl<=7.64.0-4+deb10u2
redhat/curl<7.83.1
Haxx Curl<7.83.1
Debian Debian Linux=10.0
and 28 more
An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials when follows HTTP(S) redirects is u...
debian/curl<=7.64.0-4+deb10u2
debian/curl<=7.64.0-4+deb10u2<=7.74.0-1.3+deb11u1<=7.82.0-2
Haxx Curl>=4.9<=7.82.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Netapp Hci Bootstrap Os
and 26 more
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a conne...
debian/curl
debian/curl<=7.74.0-1.3+deb11u1<=7.82.0-2
Haxx Curl>=7.65.0<=7.82.0
Debian Debian Linux=11.0
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
and 25 more
An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
debian/curl<=7.64.0-4+deb10u2
debian/curl<=7.74.0-1.3+deb11u1<=7.64.0-4+deb10u2<=7.82.0-2
Haxx Curl<7.83.0
Fedoraproject Fedora=36
Fedoraproject Fedora=37
Debian Debian Linux=10.0
and 28 more
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of ...
redhat/gnutls<3.7.3
GNU GnuTLS<3.7.3
Redhat Enterprise Linux=8.0
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Solidfire & Hci Management Node
Netapp Hci Bootstrap Os
and 1 more
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of fre...
Linux Linux kernel<5.13.4
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
Netapp Hci Management Node
Netapp Solidfire
Netapp Element Software
and 72 more
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is bein...
Linux Linux kernel<5.13.4
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
Netapp Hci Management Node
Netapp Solidfire
Netapp Element Software
and 72 more
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arrang...
Linux Linux kernel<5.13.4
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
Netapp Hci Management Node
Netapp Solidfire
Netapp Element Software
and 125 more
** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer s...
Linux Linux kernel<5.13.4
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
Netapp Hci Management Node
Netapp Solidfire
Netapp Element Software
and 130 more
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
redhat/kernel-rt<0:4.18.0-305.17.1.rt7.89.el8_4
redhat/kernel<0:4.18.0-305.17.1.el8_4
Linux Linux kernel<5.13.4
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
Netapp Hci Management Node
and 91 more
curl. This issue was addressed with improved checks.
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 67 more
curl. A buffer overflow was addressed with improved input validation.
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 105 more
curl. This issue was addressed with improved checks.
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 113 more
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is relate...
redhat/kernel-alt<0:4.14.0-115.32.1.el7a
redhat/kernel-rt<0:4.18.0-240.8.1.rt7.62.el8_3
redhat/kernel<0:4.18.0-240.8.1.el8_3
redhat/kernel<0:4.18.0-147.38.1.el8_1
redhat/kernel-rt<0:4.18.0-193.37.1.rt13.87.el8_2
redhat/kernel<0:4.18.0-193.37.1.el8_2
and 122 more
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a TH...
redhat/kernel-rt<0:4.18.0-348.rt7.130.el8
redhat/kernel<0:4.18.0-348.el8
redhat/kernel-rt<0:4.18.0-193.87.1.rt13.137.el8_2
redhat/kernel<0:4.18.0-193.87.1.el8_2
redhat/kernel-rt<0:4.18.0-305.57.1.rt7.129.el8_4
redhat/kernel<0:4.18.0-305.57.1.el8_4
and 95 more
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
ubuntu/linux<4.15.0-115.116
ubuntu/linux<5.4.0-45.49
ubuntu/linux<5.8~
ubuntu/linux<4.4.0-187.217
ubuntu/linux-aws<4.15.0-1080.84
ubuntu/linux-aws<5.4.0-1022.22
and 146 more
A flaw was found in Apache ZooKeeper. A lack of permission checks while retrieving ACLs allows unsalted hash values to be disclosed for unauthenticated or unprivileged users.
redhat/zookeeper<3.6.0
redhat/zookeeper<3.5.5
redhat/zookeeper<3.4.14
ubuntu/zookeeper<3.4.8-1ubuntu0.1~
ubuntu/zookeeper<3.4.5+dfsg-1ubuntu0.1~
ubuntu/zookeeper<3.4.9-3+
and 34 more

© 2024 SecAlerts Pty Ltd.