Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2019-05-07 CVE-2018-20836 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel before 4.20.
network
high complexity
linux canonical debian f5 netapp opensuse CWE-416
8.1
2019-04-26 CVE-2019-3844 Privilege Chaining vulnerability in multiple products
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set.
local
low complexity
systemd-project canonical netapp CWE-268
7.8
2019-04-26 CVE-2019-3843 Improper Privilege Management vulnerability in multiple products
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated.
7.8
2019-04-25 CVE-2019-3900 Infinite Loop vulnerability in multiple products
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx().
7.7
2019-04-23 CVE-2019-11486 Race Condition vulnerability in multiple products
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
local
high complexity
linux debian opensuse netapp CWE-362
7.0
2019-04-08 CVE-2019-0211 Use After Free vulnerability in multiple products
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
7.8
2019-04-08 CVE-2019-0217 Race Condition vulnerability in multiple products
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
7.5
2019-04-02 CVE-2019-9946 Always-Incorrect Control Flow Implementation vulnerability in multiple products
Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes.
network
low complexity
kubernetes cncf netapp CWE-670
7.5
2019-03-28 CVE-2019-0222 In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
network
low complexity
apache netapp oracle debian
7.5
2019-03-25 CVE-2019-3857 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed.
8.8