Solidfire Baseboard Management Controller Firmware

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-09	CVE-2020-29661	Improper Locking vulnerability in multiple products A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. local low complexity linux fedoraproject debian netapp broadcom oracle CWE-667	7.8
2020-12-09	CVE-2020-29660	Improper Locking vulnerability in multiple products A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. local low complexity linux fedoraproject debian netapp broadcom CWE-667	4.4
2020-12-08	CVE-2020-25692	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. network low complexity openldap redhat netapp CWE-476	7.5
2020-12-02	CVE-2020-14305	Out-of-bounds Write vulnerability in multiple products An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. network high complexity linux netapp CWE-787	8.1
2020-11-28	CVE-2020-29370	Race Condition vulnerability in multiple products An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. local high complexity linux netapp CWE-362	7.0
2020-11-23	CVE-2020-15436	Use After Free vulnerability in multiple products Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. local low complexity linux broadcom netapp CWE-416	6.7
2020-08-19	CVE-2020-14356	NULL Pointer Dereference vulnerability in multiple products A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. local low complexity linux redhat opensuse debian canonical netapp CWE-476	7.8
2020-05-18	CVE-2020-13143	Out-of-bounds Read vulnerability in multiple products gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. network low complexity linux opensuse debian canonical netapp CWE-125	6.5
2020-05-15	CVE-2020-12888	Improper Handling of Exceptional Conditions vulnerability in multiple products The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. local high complexity linux fedoraproject opensuse debian canonical netapp CWE-755	5.3
2020-04-10	CVE-2020-8832	Information Exposure vulnerability in multiple products The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. local low complexity canonical netapp CWE-200	5.5