Filtered by vendor Netapp Subscriptions
Filtered by product Solidfire Subscriptions
Total 193 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-17498 6 Debian, Fedoraproject, Libssh2 and 3 more 13 Debian Linux, Fedora, Libssh2 and 10 more 2024-11-21 8.1 High
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
CVE-2019-17006 4 Mozilla, Netapp, Redhat and 1 more 27 Network Security Services, Hci Compute Node, Hci Management Node and 24 more 2024-11-21 9.8 Critical
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
CVE-2019-16995 3 Linux, Netapp, Opensuse 27 Linux Kernel, Aff A700s, Aff A700s Firmware and 24 more 2024-11-21 7.5 High
In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.
CVE-2019-15538 7 Canonical, Debian, Fedoraproject and 4 more 29 Ubuntu Linux, Debian Linux, Fedora and 26 more 2024-11-21 7.5 High
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.
CVE-2019-15166 8 Apple, Canonical, Debian and 5 more 10 Mac Os X, Ubuntu Linux, Debian Linux and 7 more 2024-11-21 1.6 Low
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
CVE-2019-15118 5 Canonical, Debian, Linux and 2 more 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more 2024-11-21 5.5 Medium
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.
CVE-2019-14835 8 Canonical, Debian, Fedoraproject and 5 more 49 Ubuntu Linux, Debian Linux, Fedora and 46 more 2024-11-21 7.8 High
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
CVE-2019-14821 8 Canonical, Debian, Fedoraproject and 5 more 41 Ubuntu Linux, Debian Linux, Fedora and 38 more 2024-11-21 8.8 High
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
CVE-2019-14816 7 Canonical, Debian, Fedoraproject and 4 more 60 Ubuntu Linux, Debian Linux, Fedora and 57 more 2024-11-21 7.8 High
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
CVE-2019-14815 3 Linux, Netapp, Redhat 19 Linux Kernel, Altavault, Baseboard Management Controller and 16 more 2024-11-21 7.8 High
A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
CVE-2019-14814 6 Canonical, Debian, Linux and 3 more 50 Ubuntu Linux, Debian Linux, Linux Kernel and 47 more 2024-11-21 7.8 High
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
CVE-2019-14444 4 Canonical, Gnu, Netapp and 1 more 5 Ubuntu Linux, Binutils, Hci Management Node and 2 more 2024-11-21 5.5 Medium
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
CVE-2019-13272 6 Canonical, Debian, Fedoraproject and 3 more 25 Ubuntu Linux, Debian Linux, Fedora and 22 more 2024-11-21 7.8 High
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
CVE-2019-12615 2 Linux, Netapp 10 Linux Kernel, Active Iq Unified Manager, Aff A700s and 7 more 2024-11-21 7.5 High
An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).
CVE-2019-11815 5 Canonical, Debian, Linux and 2 more 15 Ubuntu Linux, Debian Linux, Linux Kernel and 12 more 2024-11-21 8.1 High
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
CVE-2019-11486 4 Debian, Linux, Netapp and 1 more 10 Debian Linux, Linux Kernel, Active Iq and 7 more 2024-11-21 7.0 High
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
CVE-2019-11068 8 Canonical, Debian, Fedoraproject and 5 more 23 Ubuntu Linux, Debian Linux, Fedora and 20 more 2024-11-21 9.8 Critical
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
CVE-2019-10126 6 Canonical, Debian, Linux and 3 more 29 Ubuntu Linux, Debian Linux, Linux Kernel and 26 more 2024-11-21 9.8 Critical
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.
CVE-2019-10125 2 Linux, Netapp 7 Linux Kernel, Active Iq Unified Manager, Cn1610 and 4 more 2024-11-21 9.8 Critical
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.
CVE-2019-1010204 3 Gnu, Netapp, Redhat 5 Binutils, Binutils Gold, Hci Management Node and 2 more 2024-11-21 5.5 Medium
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.