Altavault

altavault

Vendor: Netapp • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-14815 3Linux NetappRedhat 18Altavault Baseboard Management ControllerCodeready Linux Builder Eus+15 more Nov 21, 2024 Nov 25, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
CVE-2019-1559 13Canonical DebianF5+10 more 82A220 Firmware A320 FirmwareA800 Firmware+79 more Nov 21, 2024 Feb 27, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte r...Show more If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).Show less
CVE-2016-3998 1Netapp 1Altavault May 13, 2026 Jul 3, 2017 N/A· v4 8.1 HIGH· v3 5.1 MEDIUM· v2 NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.