Vulnerabilities > Netapp > HCI Management Node > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-08 CVE-2020-10690 Use After Free vulnerability in multiple products
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation.
6.4
2020-03-04 CVE-2020-10029 Out-of-bounds Write vulnerability in multiple products
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets.
5.5
2020-02-25 CVE-2020-9391 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture.
local
low complexity
linux fedoraproject netapp CWE-787
5.5
2020-02-14 CVE-2020-8992 Excessive Iteration vulnerability in multiple products
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.
local
low complexity
linux canonical opensuse netapp CWE-834
5.5
2020-01-16 CVE-2019-18282 Use of Insufficiently Random Values vulnerability in multiple products
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f.
network
low complexity
linux debian netapp CWE-330
5.3
2019-12-30 CVE-2019-20095 Memory Leak vulnerability in multiple products
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82.
local
low complexity
linux opensuse netapp CWE-401
5.5
2019-12-25 CVE-2019-19965 NULL Pointer Dereference vulnerability in multiple products
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
local
high complexity
linux debian canonical netapp opensuse CWE-476
4.7
2019-12-23 CVE-2019-5108 Improper Authentication vulnerability in multiple products
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3.
6.5
2019-12-17 CVE-2019-19813 Use After Free vulnerability in multiple products
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.
local
low complexity
linux canonical debian netapp CWE-416
5.5
2019-11-30 CVE-2019-19462 NULL Pointer Dereference vulnerability in multiple products
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
local
low complexity
linux netapp canonical opensuse debian CWE-476
5.5