Vulnerabilities > Netapp > Solidfire Baseboard Management Controller
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-19 | CVE-2021-41073 | Release of Invalid Pointer or Reference vulnerability in multiple products loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. | 7.8 |
| 2021-05-27 | CVE-2021-33200 | Out-of-bounds Write vulnerability in multiple products kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. | 7.8 |
| 2021-05-26 | CVE-2020-25669 | Use After Free vulnerability in multiple products A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. | 7.8 |
| 2021-02-05 | CVE-2021-26708 | Improper Locking vulnerability in multiple products A local privilege escalation was discovered in the Linux kernel before 5.10.13. | 7.0 |
| 2020-12-11 | CVE-2020-27786 | Use After Free vulnerability in multiple products A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. | 7.8 |
| 2020-12-06 | CVE-2020-29573 | Out-of-bounds Write vulnerability in multiple products sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. | 7.5 |
| 2020-09-10 | CVE-2020-25221 | Operation on a Resource after Expiration or Release vulnerability in multiple products get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. | 7.8 |
| 2020-07-20 | CVE-2020-15852 | Incorrect Default Permissions vulnerability in multiple products An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. | 7.8 |
| 2020-05-05 | CVE-2020-12659 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the Linux kernel before 5.6.7. | 6.7 |
| 2020-04-29 | CVE-2020-12465 | Classic Buffer Overflow vulnerability in multiple products An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. | 6.7 |