Search
Total
49 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43680 | 4 Debian, Fedoraproject, Libexpat Project and 1 more | 18 Debian Linux, Fedora, Libexpat and 15 more | 2024-01-03 | N/A | 7.5 HIGH |
| In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | |||||
| CVE-2023-38426 | 2 Linux, Netapp | 7 Linux Kernel, H300s, H410s and 4 more | 2023-12-22 | N/A | 9.1 CRITICAL |
| An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length. | |||||
| CVE-2023-38428 | 2 Linux, Netapp | 7 Linux Kernel, H300s, H410s and 4 more | 2023-12-15 | N/A | 9.1 CRITICAL |
| An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read. | |||||
| CVE-2023-38431 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410s and 3 more | 2023-12-15 | N/A | 9.1 CRITICAL |
| An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read. | |||||
| CVE-2022-0492 | 6 Canonical, Debian, Fedoraproject and 3 more | 30 Ubuntu Linux, Debian Linux, Fedora and 27 more | 2023-12-07 | 6.9 MEDIUM | 7.8 HIGH |
| A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | |||||
| CVE-2019-15221 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. | |||||
| CVE-2019-15222 | 3 Linux, Netapp, Opensuse | 8 Linux Kernel, Active Iq Unified Manager, Data Availability Services and 5 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver. | |||||
| CVE-2020-8832 | 2 Canonical, Netapp | 60 Ubuntu Linux, Aff 8300, Aff 8300 Firmware and 57 more | 2023-11-09 | 2.1 LOW | 5.5 MEDIUM |
| The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. | |||||
| CVE-2019-15212 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. | |||||
| CVE-2019-15215 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. | |||||
| CVE-2019-15217 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. | |||||
| CVE-2019-15218 | 6 Canonical, Debian, Linux and 3 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. | |||||
| CVE-2019-15219 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. | |||||
| CVE-2020-29374 | 3 Debian, Linux, Netapp | 11 Debian Linux, Linux Kernel, 500f and 8 more | 2023-11-09 | 3.3 LOW | 3.6 LOW |
| An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58. | |||||
| CVE-2021-20322 | 5 Debian, Fedoraproject, Linux and 2 more | 32 Debian Linux, Fedora, Linux Kernel and 29 more | 2023-11-09 | 5.8 MEDIUM | 7.4 HIGH |
| A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. | |||||
| CVE-2020-36516 | 2 Linux, Netapp | 29 Linux Kernel, Bootstrap Os, Cloud Volumes Ontap Mediator and 26 more | 2023-11-09 | 4.9 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. | |||||
| CVE-2019-15223 | 3 Canonical, Linux, Netapp | 8 Ubuntu Linux, Linux Kernel, Active Iq Unified Manager and 5 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/driver.c driver. | |||||
| CVE-2019-15216 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. | |||||
| CVE-2019-15213 | 3 Linux, Netapp, Opensuse | 8 Linux Kernel, Active Iq Unified Manager, Data Availability Services and 5 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. | |||||
| CVE-2019-15211 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory. | |||||
| CVE-2019-15220 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. | |||||
| CVE-2021-26708 | 2 Linux, Netapp | 12 Linux Kernel, 500f, A250 and 9 more | 2023-11-09 | 6.9 MEDIUM | 7.0 HIGH |
| A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. | |||||
| CVE-2022-1473 | 2 Netapp, Openssl | 43 A250, A250 Firmware, A700s and 40 more | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). | |||||
| CVE-2022-30594 | 3 Debian, Linux, Netapp | 21 Debian Linux, Linux Kernel, 8300 and 18 more | 2023-08-08 | 4.4 MEDIUM | 7.8 HIGH |
| The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | |||||
| CVE-2022-28796 | 4 Fedoraproject, Linux, Netapp and 1 more | 24 Fedora, Linux Kernel, Active Iq Unified Manager and 21 more | 2023-08-08 | 6.9 MEDIUM | 7.0 HIGH |
| jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. | |||||
| CVE-2020-25668 | 3 Debian, Linux, Netapp | 26 Debian Linux, Linux Kernel, 500f and 23 more | 2023-07-28 | 6.9 MEDIUM | 7.0 HIGH |
| A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. | |||||
| CVE-2021-23133 | 5 Broadcom, Debian, Fedoraproject and 2 more | 24 Brocade Fabric Operating System, Debian Linux, Fedora and 21 more | 2023-07-28 | 6.9 MEDIUM | 7.0 HIGH |
| A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. | |||||
| CVE-2021-26932 | 4 Debian, Fedoraproject, Linux and 1 more | 9 Debian Linux, Fedora, Linux Kernel and 6 more | 2022-07-28 | 1.9 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. | |||||
| CVE-2022-21434 | 3 Debian, Netapp, Oracle | 16 Debian Linux, 7-mode Transition Tool, Active Iq Unified Manager and 13 more | 2022-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | |||||
| CVE-2022-21426 | 3 Debian, Netapp, Oracle | 16 Debian Linux, 7-mode Transition Tool, Active Iq Unified Manager and 13 more | 2022-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2021-22924 | 6 Debian, Fedoraproject, Haxx and 3 more | 52 Debian Linux, Fedora, Libcurl and 49 more | 2022-07-28 | 4.3 MEDIUM | 3.7 LOW |
| libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. | |||||
| CVE-2022-23308 | 5 Apple, Debian, Fedoraproject and 2 more | 36 Ipados, Iphone Os, Macos and 33 more | 2022-07-25 | 4.3 MEDIUM | 7.5 HIGH |
| valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | |||||
| CVE-2021-45485 | 2 Linux, Netapp | 20 Linux Kernel, Baseboard Management Controller H300e, Baseboard Management Controller H300s and 17 more | 2022-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. | |||||
| CVE-2021-46143 | 3 Libexpat Project, Netapp, Tenable | 5 Libexpat, Clustered Data Ontap, Oncommand Workflow Automation and 2 more | 2022-06-14 | 6.8 MEDIUM | 7.8 HIGH |
| In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. | |||||
| CVE-2021-20197 | 4 Broadcom, Gnu, Netapp and 1 more | 6 Brocade Fabric Operating System Firmware, Binutils, Cloud Backup and 3 more | 2022-06-03 | 3.3 LOW | 6.3 MEDIUM |
| There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. | |||||
| CVE-2021-33200 | 3 Fedoraproject, Linux, Netapp | 19 Fedora, Linux Kernel, Cloud Backup and 16 more | 2022-05-13 | 7.2 HIGH | 7.8 HIGH |
| kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit. | |||||
| CVE-2021-25217 | 5 Debian, Fedoraproject, Isc and 2 more | 25 Debian Linux, Fedora, Dhcp and 22 more | 2022-05-13 | 3.3 LOW | 7.4 HIGH |
| In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. | |||||
| CVE-2020-25669 | 3 Debian, Linux, Netapp | 21 Debian Linux, Linux Kernel, Cloud Backup and 18 more | 2022-05-13 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free. | |||||
| CVE-2019-25044 | 2 Linux, Netapp | 21 Linux Kernel, Cloud Backup, H300e and 18 more | 2022-05-13 | 7.2 HIGH | 7.8 HIGH |
| The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue. | |||||
| CVE-2021-22901 | 4 Haxx, Netapp, Oracle and 1 more | 33 Curl, Active Iq Unified Manager, Cloud Backup and 30 more | 2022-05-13 | 6.8 MEDIUM | 8.1 HIGH |
| curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory. | |||||
| CVE-2021-22897 | 4 Haxx, Netapp, Oracle and 1 more | 29 Curl, Cloud Backup, H300e and 26 more | 2022-05-13 | 4.3 MEDIUM | 5.3 MEDIUM |
| curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly. | |||||
| CVE-2022-21449 | 3 Debian, Netapp, Oracle | 15 Debian Linux, 7-mode Transition Tool, Active Iq Unified Manager and 12 more | 2022-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | |||||
| CVE-2019-25045 | 2 Linux, Netapp | 41 Linux Kernel, Aff 8300, Aff 8300 Firmware and 38 more | 2022-04-29 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46. | |||||
| CVE-2020-29569 | 4 Debian, Linux, Netapp and 1 more | 7 Debian Linux, Linux Kernel, Hci Compute Node and 4 more | 2022-04-26 | 7.2 HIGH | 8.8 HIGH |
| An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. | |||||
| CVE-2018-20839 | 2 Netapp, Systemd Project | 5 Cn1610, Cn1610 Firmware, Snapprotect and 2 more | 2022-02-20 | 4.3 MEDIUM | 9.8 CRITICAL |
| systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled. | |||||
| CVE-2020-13776 | 3 Fedoraproject, Netapp, Systemd Project | 4 Fedora, Active Iq Unified Manager, Solidfire \& Hci Management Node and 1 more | 2022-01-31 | 6.2 MEDIUM | 6.7 MEDIUM |
| systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. | |||||
| CVE-2020-35507 | 3 Gnu, Netapp, Redhat | 5 Binutils, Hci Bootstrap Os, Ontap Select Deploy Administration Utility and 2 more | 2021-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. | |||||
| CVE-2020-25645 | 5 Canonical, Debian, Linux and 2 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2021-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. | |||||
| CVE-2021-26987 | 2 Netapp, Pivotal Software | 4 Element Plug-in For Vcenter Server, Management Services For Element Software And Netapp Hci, Solidfire \& Hci Management Node and 1 more | 2021-03-22 | 7.5 HIGH | 9.8 CRITICAL |
| Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework. | |||||