Cn1610 Firmware

DATE	CVE	VULNERABILITY TITLE	RISK
2019-06-14	CVE-2019-10126	Heap-based Buffer Overflow vulnerability in multiple products A flaw was found in the Linux kernel. network low complexity linux redhat canonical debian opensuse netapp CWE-122 critical	9.8
2019-06-03	CVE-2019-12615	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. network low complexity linux netapp CWE-476	7.5
2019-06-03	CVE-2019-3846	Heap-based Buffer Overflow vulnerability in multiple products A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. low complexity linux redhat canonical netapp fedoraproject debian opensuse CWE-122	8.8
2019-05-17	CVE-2018-20839	Information Exposure vulnerability in multiple products systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. network low complexity systemd-project netapp CWE-200 critical	9.8
2019-05-08	CVE-2019-11815	Race Condition vulnerability in multiple products An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. network linux canonical debian opensuse netapp CWE-362 critical	9.3
2019-04-26	CVE-2019-3844	Privilege Chaining vulnerability in multiple products It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. local low complexity systemd-project canonical netapp CWE-268	7.8
2019-04-26	CVE-2019-3843	Improper Privilege Management vulnerability in multiple products It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. local low complexity systemd-project fedoraproject canonical netapp CWE-269	7.8
2019-04-25	CVE-2019-3900	Infinite Loop vulnerability in multiple products An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). network low complexity linux fedoraproject redhat debian canonical netapp oracle CWE-835	7.7
2019-04-24	CVE-2019-3882	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. local low complexity linux fedoraproject debian canonical opensuse netapp CWE-770	5.5
2019-04-22	CVE-2019-3901	Improper Locking vulnerability in multiple products A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. local high complexity linux debian netapp CWE-667	4.7