Summary
Detail | | | |
---|---|---|---|
Vendor | Netapp | First view | 2017-05-23 |
Product | Cloud Backup | Last view | 2023-06-26 |
Version | | Type | |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
COMMON PLATFORM ENUMERATION: Repartition per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* | 322 |
cpe:2.3:a:netapp:cloud_backup:*:*:*:*:*:*:*:* | 3 |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
6.1 | 2023-06-26 | CVE-2020-23064 | Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the |
6.5 | 2022-02-09 | CVE-2021-33068 | Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access. |
7.8 | 2022-02-09 | CVE-2021-0156 | Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access. |
6.6 | 2022-02-09 | CVE-2021-0125 | Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. |
6.6 | 2022-02-09 | CVE-2021-0124 | Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. |
6.2 | 2022-02-09 | CVE-2021-0119 | Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. |
6.7 | 2022-02-09 | CVE-2021-0118 | Out-of-bounds read in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. |
7.8 | 2022-02-09 | CVE-2021-0117 | Pointer issues in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. |
7.8 | 2022-02-09 | CVE-2021-0116 | Out-of-bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. |
6.7 | 2022-02-09 | CVE-2021-0115 | Buffer overflow in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
6.7 | 2022-02-09 | CVE-2021-0111 | NULL pointer dereference in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. |
6.7 | 2022-02-09 | CVE-2021-0107 | Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
6.7 | 2022-02-09 | CVE-2021-0103 | Insufficient control flow management in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. |
7.8 | 2022-02-09 | CVE-2021-0099 | Insufficient control flow management in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access. |
4.4 | 2022-02-09 | CVE-2021-0093 | Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. |
4.4 | 2022-02-09 | CVE-2021-0092 | Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. |
7.8 | 2022-02-09 | CVE-2021-0091 | Improper access control in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable an escalation of privilege via local access. |
9.8 | 2021-12-20 | CVE-2021-44790 | A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. |
7.5 | 2021-12-14 | CVE-2021-4044 | Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). |
9.8 | 2021-12-08 | CVE-2021-43527 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. Note: This vulnerability does NOT impact Mozilla Firefox. However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. |
7.8 | 2021-12-08 | CVE-2018-25020 | The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. |
4.6 | 2021-11-17 | CVE-2021-43976 | In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). |
6.7 | 2021-11-17 | CVE-2021-43975 | In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. |
9.8 | 2021-11-15 | CVE-2021-42377 | An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. |
5.5 | 2021-11-15 | CVE-2021-42376 | A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
11% (27) | CWE-476 | NULL Pointer Dereference |
9% (23) | CWE-787 | Out-of-bounds Write |
9% (22) | CWE-416 | Use After Free |
7% (18) | CWE-125 | Out-of-bounds Read |
5% (13) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
5% (12) | CWE-502 | Deserialization of Untrusted Data |
3% (9) | CWE-362 | Race Condition |
3% (8) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
3% (7) | CWE-190 | Integer Overflow or Wraparound |
2% (6) | CWE-755 | Improper Handling of Exceptional Conditions |
2% (5) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
2% (5) | CWE-20 | Improper Input Validation |
1% (4) | CWE-674 | Uncontrolled Recursion |
1% (4) | CWE-617 | Reachable Assertion |
1% (4) | CWE-319 | Cleartext Transmission of Sensitive Information |
1% (4) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
1% (4) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
1% (3) | CWE-681 | Incorrect Conversion between Numeric Types |
1% (3) | CWE-667 | Insufficient Locking |
1% (3) | CWE-415 | Double Free |
1% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
1% (3) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
0% (2) | CWE-763 | Release of Invalid Pointer or Reference |
0% (2) | CWE-665 | Improper Initialization |
0% (2) | CWE-662 | Insufficient Synchronization |
SAINT Exploits
Description | Link |
---|---|
Apache HTTP Server path traversal | More info here |
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-08 | TRUFFLEHUNTER TALOS-2020-1142 attack attempt RuleID : 54831 - Type : POLICY-OTHER - Revision : 1 |
2018-05-22 | Multiple Vendors NTP zero-origin timestamp denial of service attempt RuleID : 46387 - Type : SERVER-OTHER - Revision : 3 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-18 | Name: The remote Fedora host is missing a security update. File: fedora_2019-a8ffcff7ee.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_6_43.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_7_25.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_8_0_14.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-f6ff819834.nasl - Type: ACT_GATHER_INFO |
2019-01-08 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2019-1008.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-042156f164.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-065a7722ee.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-49d3b42425.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-6744ca470d.nasl - Type: ACT_GATHER_INFO |
2019-01-02 | Name: Tenable Nessus running on the remote host is affected by multiple vulnerabili... File: nessus_tns_2018_16.nasl - Type: ACT_GATHER_INFO |
2019-01-02 | Name: Tenable Nessus running on the remote host is affected by multiple vulnerabili... File: nessus_tns_2018_17.nasl - Type: ACT_GATHER_INFO |
2018-12-28 | Name: The remote EulerOS Virtualization host is missing a security update. File: EulerOS_SA-2018-1411.nasl - Type: ACT_GATHER_INFO |
2018-12-28 | Name: The remote EulerOS Virtualization host is missing a security update. File: EulerOS_SA-2018-1413.nasl - Type: ACT_GATHER_INFO |
2018-12-28 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1431.nasl - Type: ACT_GATHER_INFO |
2018-12-28 | Name: Node.js - JavaScript run-time environment is affected by multiple vulnerabili... File: nodejs_2018_nov.nasl - Type: ACT_GATHER_INFO |
2018-12-20 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4355.nasl - Type: ACT_GATHER_INFO |
2018-12-10 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1405.nasl - Type: ACT_GATHER_INFO |
2018-12-10 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_2a86f45afc3c11e8a41400155d006b02.nasl - Type: ACT_GATHER_INFO |
2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1109.nasl - Type: ACT_GATHER_INFO |
2018-12-01 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4348.nasl - Type: ACT_GATHER_INFO |
2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-1789.nasl - Type: ACT_GATHER_INFO |
2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-2424.nasl - Type: ACT_GATHER_INFO |
2018-11-23 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2018-325-01.nasl - Type: ACT_GATHER_INFO |
2018-11-23 | Name: The remote Debian host is missing a security update. File: debian_DLA-1586.nasl - Type: ACT_GATHER_INFO |