Solidfire Hci Management Node NetApp Solidfire Hci Management Node

Do you want an email whenever new security vulnerabilities are reported in NetApp Solidfire Hci Management Node?

By the Year

In 2022 there have been 0 vulnerabilities in NetApp Solidfire Hci Management Node . Last year Solidfire Hci Management Node had 3 security vulnerabilities published. Right now, Solidfire Hci Management Node is on track to have less security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 3 6.33
2020 3 6.63
2019 0 0.00
2018 0 0.00

It may take a day or so for new Solidfire Hci Management Node vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent NetApp Solidfire Hci Management Node Security Vulnerabilities

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*

CVE-2021-22924 3.7 - Low - August 05, 2021

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.

Use of Incorrectly-Resolved Name or Reference

Element Plug-in for vCenter Server incorporates SpringBoot Framework

CVE-2021-26987 9.8 - Critical - March 15, 2021

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.

There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could

CVE-2020-35507 5.5 - Medium - January 04, 2021

There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.

NULL Pointer Dereference

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x

CVE-2020-29569 8.8 - High - December 15, 2020

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.

Unchecked Return Value

An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c

CVE-2020-29374 3.6 - Low - November 28, 2020

An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.

Race Condition

A flaw was found in the Linux kernel in versions before 5.9-rc7

CVE-2020-25645 7.5 - High - October 13, 2020

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

Cleartext Transmission of Sensitive Information

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for OpenSuse Leap or by NetApp? Click the Watch button to subscribe.

NetApp
Vendor

subscribe