Vulnerabilities for 'Snapdrive'

2019-02-27
 
CVE-2019-1559

CWE-200
 

 
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one), then OpenSSL can respond differently to the calling application if a 0-byte record is received with invalid padding compared to if a 0-byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable, "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also, the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this, but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

 
2018-12-07
 
CVE-2018-18314

CWE-119
 

 
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

 
 
CVE-2018-18313

CWE-125
 

 
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

 
2018-12-05
 
CVE-2018-18312

CWE-119
 

 
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

 
2018-10-29
 
CVE-2018-0735

CWE-320
 

 
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

 
2018-06-07
 
CVE-2018-12015

CWE-22
 

 
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

 
2017-11-13
 
CVE-2016-8610

CWE-400
 

 
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

 
2017-02-07
 
CVE-2015-8544

CWE-200
 

 
NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors.

 



Copyright 2019, cxsecurity.com

 
