Vulnerabilities > Netapp > HCI Management Node > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-17 CVE-2019-19813 Use After Free vulnerability in multiple products
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.
local
low complexity
linux canonical debian netapp CWE-416
5.5
2019-11-30 CVE-2019-19462 NULL Pointer Dereference vulnerability in multiple products
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
local
low complexity
linux netapp canonical opensuse debian CWE-476
5.5
2019-11-28 CVE-2019-19318 Use After Free vulnerability in multiple products
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
local
low complexity
linux opensuse canonical debian netapp CWE-416
4.4
2019-09-24 CVE-2019-5094 Out-of-bounds Write vulnerability in multiple products
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3.
6.7
2019-08-16 CVE-2019-15118 Uncontrolled Recursion vulnerability in multiple products
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.
local
low complexity
linux canonical debian opensuse netapp CWE-674
5.5
2019-07-30 CVE-2019-14444 Integer Overflow or Wraparound vulnerability in multiple products
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
local
low complexity
gnu opensuse canonical netapp CWE-190
5.5
2019-07-23 CVE-2019-1010204 Incorrect Conversion between Numeric Types vulnerability in multiple products
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read.
local
low complexity
gnu netapp CWE-681
5.5
2019-04-24 CVE-2019-3882 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit.
5.5
2019-04-22 CVE-2019-3901 Improper Locking vulnerability in multiple products
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.
local
high complexity
linux debian netapp CWE-667
4.7
2019-03-25 CVE-2019-3874 Resource Exhaustion vulnerability in multiple products
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem.
6.5