Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

santricity smi-s provider vulnerabilities and exploits

(subscribe to this query)
10
CVSSv2
CVE-2022-2068
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not dis...
Openssl OpensslDebian Debian Linux 10.0Debian Debian Linux 11.0Fedoraproject Fedora 35Fedoraproject Fedora 36Siemens Sinec Ins 1.0Siemens Sinec InsNetapp Santricity Smi-s Provider -Netapp Element Software -Netapp Ontap Select Deploy Administration Utility -Netapp Smi-s Provider -Netapp Solidfire -Netapp Hci Management Node -Netapp Snapmanager -Netapp Ontap Antivirus Connector -Netapp Bootstrap Os -Netapp H615c Firmware -Netapp H610s Firmware -Netapp H610c Firmware -Netapp H410c Firmware -Netapp H300s Firmware -Netapp H500s Firmware -
4.3
CVSSv2
CVE-2022-1343
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fail...
Openssl OpensslNetapp Santricity Smi-s Provider -Netapp Clustered Data Ontap -Netapp Smi-s Provider -Netapp Clustered Data Ontap Antivirus Connector -Netapp Solidfire \\& Hci Management Node -Netapp Solidfire\\, Enterprise Sds \\& Hci Storage Node -Netapp Active Iq Unified Manager -Netapp Snapmanager -Netapp A250 Firmware -Netapp A700s Firmware -Netapp Aff 500f Firmware -Netapp Aff 8300 Firmware -Netapp Aff 8700 Firmware -Netapp Aff A400 Firmware -Netapp Fabric-attached Storage A400 Firmware -Netapp Fas 500f Firmware -Netapp Fas 8300 Firmware -Netapp Fas 8700 Firmware -Netapp H300e Firmware -Netapp H300s Firmware -Netapp H410s Firmware -
4.3
CVSSv2
CVE-2022-1434
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an Op...
Openssl OpensslNetapp Santricity Smi-s Provider -Netapp Clustered Data Ontap -Netapp Smi-s Provider -Netapp Clustered Data Ontap Antivirus Connector -Netapp Solidfire \\& Hci Management Node -Netapp Solidfire\\, Enterprise Sds \\& Hci Storage Node -Netapp Active Iq Unified Manager -Netapp Snapmanager -Netapp A700s Firmware -Netapp H300s Firmware -Netapp H500s Firmware -Netapp H700s Firmware -Netapp H300e Firmware -Netapp H500e Firmware -Netapp H700e Firmware -Netapp H410s Firmware -Netapp Aff 8300 Firmware -Netapp Fas 8300 Firmware -Netapp Aff 8700 Firmware -Netapp Fas 8700 Firmware -Netapp Aff A400 Firmware -
5
CVSSv2
CVE-2022-1473
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its...
Openssl OpensslNetapp Santricity Smi-s Provider -Netapp Clustered Data Ontap -Netapp Smi-s Provider -Netapp Clustered Data Ontap Antivirus Connector -Netapp Solidfire \\& Hci Management Node -Netapp Solidfire\\, Enterprise Sds \\& Hci Storage Node -Netapp Active Iq Unified Manager -Netapp Snapmanager -Netapp A700s Firmware -Netapp H300s Firmware -Netapp H500s Firmware -Netapp H700s Firmware -Netapp H300e Firmware -Netapp H500e Firmware -Netapp H700e Firmware -Netapp H410s Firmware -Netapp Aff 8300 Firmware -Netapp Fas 8300 Firmware -Netapp Aff 8700 Firmware -Netapp Fas 8700 Firmware -Netapp Aff A400 Firmware -
10
CVSSv2
CVE-2022-1292
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the ...
Openssl OpensslDebian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Santricity Smi-s Provider -Netapp Snapcenter -Netapp Oncommand Workflow Automation -Netapp Oncommand Insight -Netapp Clustered Data Ontap -Netapp Smi-s Provider -Netapp Clustered Data Ontap Antivirus Connector -Netapp Solidfire \\& Hci Management Node -Netapp Active Iq Unified Manager -Netapp Solidfire\\, Enterprise Sds \\& Hci Storage Node -Netapp Snapmanager -Netapp A700s Firmware -Netapp H300s Firmware -Netapp H500s Firmware -Netapp H700s Firmware -Netapp H300e Firmware -Netapp H500e Firmware -Netapp H700e Firmware -
5
CVSSv2
CVE-2022-0778
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curv...
Openssl OpensslDebian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Santricity Smi-s Provider -Netapp Storagegrid -Netapp Clustered Data Ontap -Netapp Clustered Data Ontap Antivirus Connector -Netapp Cloud Volumes Ontap Mediator -Netapp A250 Firmware -Netapp 500f Firmware -Fedoraproject Fedora 34Fedoraproject Fedora 36Tenable NessusMariadb MariadbNodejs Node.js
7.5
CVSSv2
CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" paramete...
Openssl OpensslDebian Debian Linux 10.0Debian Debian Linux 11.0Netapp Santricity Smi-s Provider -Netapp Snapcenter -Netapp Oncommand Workflow Automation -Netapp Oncommand Insight -Netapp Clustered Data Ontap -Netapp Clustered Data Ontap Antivirus Connector -Netapp Solidfire -Netapp Hci Management Node -Netapp Active Iq Unified Manager -Netapp Manageability Software Development Kit -Netapp Storage Encryption -Netapp E-series Santricity Os ControllerOracle Peoplesoft Enterprise Peopletools 8.57Oracle Jd Edwards World Security A9.4Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Enterprise Session Border Controller 8.4Oracle Enterprise Communications Broker 3.2.0Oracle Zfs Storage Appliance Kit 8.8Oracle Peoplesoft Enterprise Peopletools 8.59
5.8
CVSSv2
CVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated...
Openssl OpensslDebian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Santricity Smi-s Provider -Netapp Clustered Data Ontap -Netapp Clustered Data Ontap Antivirus Connector -Netapp Solidfire -Netapp Hci Management Node -Netapp Manageability Software Development Kit -Netapp Storage Encryption -Netapp E-series Santricity Os ControllerMcafee Epolicy Orchestrator 5.10.0Mcafee Epolicy OrchestratorTenable Tenable.scTenable Nessus Network MonitorOracle Peoplesoft Enterprise Peopletools 8.57Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Zfs Storage Appliance Kit 8.8Oracle Peoplesoft Enterprise Peopletools 8.59Oracle Mysql ServerOracle Mysql Workbench
4.3
CVSSv2
CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_ce...
Openssl OpensslDebian Debian Linux 9.0Debian Debian Linux 10.0Freebsd Freebsd 12.2Netapp Santricity Smi-s Provider -Netapp Snapcenter -Netapp Oncommand Workflow Automation -Netapp Storagegrid -Netapp Oncommand Insight -Netapp Ontap Select Deploy Administration Utility -Netapp Active Iq Unified Manager -Netapp Cloud Volumes Ontap Mediator -Netapp E-series Performance Analyzer -Tenable Tenable.scTenable NessusTenable Nessus Network Monitor 5.11.1Tenable Nessus Network Monitor 5.12.0Tenable Nessus Network Monitor 5.12.1Tenable Nessus Network Monitor 5.13.0Tenable Nessus Network Monitor 5.11.0Tenable Log Correlation EngineFedoraproject Fedora 34
4.3
CVSSv2
CVE-2020-1971
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This functi...
Openssl OpensslDebian Debian Linux 9.0Debian Debian Linux 10.0Fedoraproject Fedora 32Fedoraproject Fedora 33Oracle Api Gateway 11.1.2.4.0Oracle Peoplesoft Enterprise Peopletools 8.56Oracle Business Intelligence 12.2.1.3.0Oracle Peoplesoft Enterprise Peopletools 8.57Oracle Jd Edwards World Security A9.4Oracle Business Intelligence 12.2.1.4.0Oracle Enterprise Manager Base Platform 13.3.0.0Oracle Business Intelligence 5.5.0.0.0Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Enterprise Manager Base Platform 13.4.0.0Oracle Http Server 12.2.1.4.0Oracle Enterprise Manager For Storage Management 13.4.0.0Oracle Enterprise Manager Ops Center 12.4.0.0Oracle MysqlOracle Graalvm 19.3.4Oracle Graalvm 20.3.0Oracle Essbase 21.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook