Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-20 CVE-2019-4231 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm netapp CWE-352
4.3
2019-12-17 CVE-2019-19813 Use After Free vulnerability in multiple products
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.
local
low complexity
linux canonical debian netapp CWE-416
5.5
2019-12-09 CVE-2019-19645 Uncontrolled Recursion vulnerability in multiple products
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
local
low complexity
sqlite netapp oracle tenable siemens CWE-674
5.5
2019-11-30 CVE-2019-19462 NULL Pointer Dereference vulnerability in multiple products
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
local
low complexity
linux netapp canonical opensuse debian CWE-476
5.5
2019-11-28 CVE-2019-19318 Use After Free vulnerability in multiple products
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
local
low complexity
linux opensuse canonical debian netapp CWE-416
4.4
2019-11-18 CVE-2019-19063 Memory Leak vulnerability in multiple products
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.
4.6
2019-11-18 CVE-2019-19054 Memory Leak vulnerability in multiple products
A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.
4.7
2019-11-14 CVE-2019-14591 Improper Input Validation vulnerability in multiple products
Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access.
local
low complexity
intel netapp CWE-20
5.5
2019-11-14 CVE-2019-14590 Improper Privilege Management vulnerability in multiple products
Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
intel netapp CWE-269
5.5
2019-11-14 CVE-2019-14574 Out-of-bounds Read vulnerability in multiple products
Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access.
local
low complexity
intel netapp CWE-125
5.5