Filtered by vendor Netapp
Subscriptions
Filtered by product Solidfire
Subscriptions
Total
193 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10029 | 7 Canonical, Debian, Fedoraproject and 4 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2024-11-21 | 5.5 Medium |
| The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. | ||||
| CVE-2019-9924 | 6 Canonical, Debian, Gnu and 3 more | 12 Ubuntu Linux, Debian Linux, Bash and 9 more | 2024-11-21 | 7.8 High |
| rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. | ||||
| CVE-2019-9162 | 3 Canonical, Linux, Netapp | 7 Ubuntu Linux, Linux Kernel, Cn1610 and 4 more | 2024-11-21 | 7.8 High |
| In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper. | ||||
| CVE-2019-9075 | 4 Canonical, F5, Gnu and 1 more | 18 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 15 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. | ||||
| CVE-2019-9074 | 3 Canonical, Gnu, Netapp | 4 Ubuntu Linux, Binutils, Hci Management Node and 1 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. | ||||
| CVE-2019-9073 | 3 Canonical, Gnu, Netapp | 4 Ubuntu Linux, Binutils, Hci Management Node and 1 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. | ||||
| CVE-2019-9072 | 2 Gnu, Netapp | 3 Binutils, Hci Management Node, Solidfire | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c. | ||||
| CVE-2019-9071 | 3 Canonical, Gnu, Netapp | 4 Ubuntu Linux, Binutils, Hci Management Node and 1 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. | ||||
| CVE-2019-9003 | 5 Canonical, Linux, Netapp and 2 more | 9 Ubuntu Linux, Linux Kernel, Cn1610 and 6 more | 2024-11-21 | 7.5 High |
| In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop. | ||||
| CVE-2019-5736 | 13 Apache, Canonical, D2iq and 10 more | 20 Mesos, Ubuntu Linux, Dc\/os and 17 more | 2024-11-21 | 8.6 High |
| runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | ||||
| CVE-2019-5436 | 8 Debian, F5, Fedoraproject and 5 more | 15 Debian Linux, Traffix Signaling Delivery Controller, Fedora and 12 more | 2024-11-21 | 7.8 High |
| A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. | ||||
| CVE-2019-5108 | 6 Canonical, Debian, Linux and 3 more | 23 Ubuntu Linux, Debian Linux, Linux Kernel and 20 more | 2024-11-21 | 6.5 Medium |
| An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. | ||||
| CVE-2019-3901 | 4 Debian, Linux, Netapp and 1 more | 14 Debian Linux, Linux Kernel, Active Iq Unified Manager For Vmware Vsphere and 11 more | 2024-11-21 | 4.7 Medium |
| A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8. | ||||
| CVE-2019-3900 | 7 Canonical, Debian, Fedoraproject and 4 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2024-11-21 | 7.7 High |
| An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. | ||||
| CVE-2019-3882 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2024-11-21 | 5.5 Medium |
| A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. | ||||
| CVE-2019-3874 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-11-21 | 6.5 Medium |
| The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. | ||||
| CVE-2019-3846 | 7 Canonical, Debian, Fedoraproject and 4 more | 17 Ubuntu Linux, Debian Linux, Fedora and 14 more | 2024-11-21 | 8.8 High |
| A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. | ||||
| CVE-2019-20636 | 3 Linux, Netapp, Redhat | 24 Linux Kernel, Cloud Backup, Fas 8300 and 21 more | 2024-11-21 | 6.7 Medium |
| In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. | ||||
| CVE-2019-20095 | 4 Linux, Netapp, Opensuse and 1 more | 21 Linux Kernel, 8300, 8300 Firmware and 18 more | 2024-11-21 | 5.5 Medium |
| mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. | ||||
| CVE-2019-1559 | 13 Canonical, Debian, F5 and 10 more | 91 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 88 more | 2024-11-21 | 5.9 Medium |
| If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). | ||||