Vulnerabilities > Netapp > Solidfire Baseboard Management Controller Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-07 CVE-2021-27365 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.11.3.
local
low complexity
linux debian oracle netapp CWE-787
4.6

2021-03-05 CVE-2021-28039 Incorrect Calculation of Buffer Size vulnerability in multiple products
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen.
local
low complexity
xen linux netapp CWE-131
6.5

2021-03-05 CVE-2021-28038 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV.
local
low complexity
linux debian netapp CWE-770
6.5

2021-01-05 CVE-2020-36158 Classic Buffer Overflow vulnerability in multiple products
mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.
local
low complexity
linux fedoraproject debian netapp CWE-120
6.7

2020-12-11 CVE-2020-27825 Race Condition vulnerability in multiple products
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1).
local
high complexity
linux redhat debian netapp CWE-362
5.7

2020-12-10 CVE-2020-27350 Integer Overflow or Wraparound vulnerability in multiple products
APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc.
local
low complexity
debian netapp CWE-190
5.7

2020-12-09 CVE-2020-29660 Improper Locking vulnerability in multiple products
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
4.4

2020-11-23 CVE-2020-15436 Use After Free vulnerability in multiple products
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
local
low complexity
linux broadcom netapp CWE-416
6.7

2020-05-18 CVE-2020-13143 Out-of-bounds Read vulnerability in multiple products
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
network
low complexity
linux opensuse debian canonical netapp CWE-125
6.5

2020-05-15 CVE-2020-12888 Improper Handling of Exceptional Conditions vulnerability in multiple products
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
5.3