Filtered by vendor Netapp Subscriptions
Filtered by product Solidfire Subscriptions
Total 193 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-3874 5 Canonical, Debian, Linux and 2 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2024-11-21 6.5 Medium
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.
CVE-2019-3846 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2024-11-21 8.8 High
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
CVE-2019-3844 4 Canonical, Netapp, Redhat and 1 more 8 Ubuntu Linux, Cn1610, Cn1610 Firmware and 5 more 2024-11-21 7.8 High
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.
CVE-2019-3843 5 Canonical, Fedoraproject, Netapp and 2 more 9 Ubuntu Linux, Fedora, Cn1610 and 6 more 2024-11-21 7.8 High
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.
CVE-2019-2215 5 Canonical, Debian, Google and 2 more 145 Ubuntu Linux, Debian Linux, Android and 142 more 2024-11-21 7.8 High
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
CVE-2019-20636 3 Linux, Netapp, Redhat 24 Linux Kernel, Cloud Backup, Fas 8300 and 21 more 2024-11-21 6.7 Medium
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.
CVE-2019-20095 4 Linux, Netapp, Opensuse and 1 more 21 Linux Kernel, 8300, 8300 Firmware and 18 more 2024-11-21 5.5 Medium
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.
CVE-2019-1559 13 Canonical, Debian, F5 and 10 more 91 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 88 more 2024-11-21 5.9 Medium
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
CVE-2019-19965 5 Canonical, Debian, Linux and 2 more 21 Ubuntu Linux, Debian Linux, Linux Kernel and 18 more 2024-11-21 4.7 Medium
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
CVE-2019-19816 4 Canonical, Debian, Linux and 1 more 18 Ubuntu Linux, Debian Linux, Linux Kernel and 15 more 2024-11-21 7.8 High
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.
CVE-2019-19813 4 Canonical, Debian, Linux and 1 more 18 Ubuntu Linux, Debian Linux, Linux Kernel and 15 more 2024-11-21 5.5 Medium
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.
CVE-2019-19462 5 Canonical, Debian, Linux and 2 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2024-11-21 5.5 Medium
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
CVE-2019-19448 4 Canonical, Debian, Linux and 1 more 27 Ubuntu Linux, Debian Linux, Linux Kernel and 24 more 2024-11-21 7.8 High
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
CVE-2019-19318 5 Canonical, Debian, Linux and 2 more 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more 2024-11-21 4.4 Medium
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
CVE-2019-19069 4 Broadcom, Canonical, Linux and 1 more 21 Fabric Operating System, Ubuntu Linux, Linux Kernel and 18 more 2024-11-21 7.5 High
A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.
CVE-2019-19050 5 Broadcom, Canonical, Fedoraproject and 2 more 22 Fabric Operating System, Ubuntu Linux, Fedora and 19 more 2024-11-21 7.5 High
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.
CVE-2019-18805 5 Broadcom, Linux, Netapp and 2 more 22 Fabric Operating System, Linux Kernel, Active Iq Unified Manager and 19 more 2024-11-21 9.8 Critical
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
CVE-2019-18683 6 Broadcom, Canonical, Debian and 3 more 23 Fabric Operating System, Ubuntu Linux, Debian Linux and 20 more 2024-11-21 7.0 High
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
CVE-2019-18282 4 Debian, Linux, Netapp and 1 more 21 Debian Linux, Linux Kernel, 8300 and 18 more 2024-11-21 5.3 Medium
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.
CVE-2019-18276 4 Gnu, Netapp, Oracle and 1 more 6 Bash, Hci Management Node, Oncommand Unified Manager and 3 more 2024-11-21 7.8 High
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.