VYPR

Solidfire Baseboard Management Controller Firmware

by NetApp

CVEs (8)

  • CVE-2019-5481CriSep 16, 2019
    risk 0.64cvss 9.8epss 0.07

    Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

  • CVE-2021-22946HigSep 29, 2021
    risk 0.42cvss 7.5epss 0.04

    A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed…

  • CVE-2021-22947MedSep 29, 2021
    risk 0.31cvss 5.9epss 0.03

    When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached…

  • CVE-2019-11179Nov 14, 2019
    risk 0.00cvss epss 0.01

    Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure via network access.

  • CVE-2019-11178Nov 14, 2019
    risk 0.00cvss epss 0.01

    Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access.

  • CVE-2019-11173Nov 14, 2019
    risk 0.00cvss epss 0.00

    Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access.

  • CVE-2019-11168Nov 14, 2019
    risk 0.00cvss epss 0.01

    Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.

  • CVE-2019-5497Jul 1, 2019
    risk 0.00cvss epss 0.03

    NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution.