Filtered by vendor Netapp Subscriptions
Filtered by product Altavault Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-1559 13 Canonical, Debian, F5 and 10 more 91 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 88 more 2024-11-21 5.9 Medium
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
CVE-2019-14815 3 Linux, Netapp, Redhat 19 Linux Kernel, Altavault, Baseboard Management Controller and 16 more 2024-11-21 7.8 High
A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
CVE-2016-3998 1 Netapp 1 Altavault 2024-11-21 N/A
NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.