Vulnerabilities > Netapp > Solidfire

DATE CVE VULNERABILITY TITLE RISK
2019-07-30 CVE-2019-14444 Integer Overflow or Wraparound vulnerability in multiple products
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
local
low complexity
gnu opensuse canonical netapp CWE-190
5.5
2019-07-23 CVE-2019-1010204 Incorrect Conversion between Numeric Types vulnerability in multiple products
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read.
local
low complexity
gnu netapp CWE-681
5.5
2019-07-17 CVE-2019-13272 In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). 7.8
2019-06-14 CVE-2019-10126 A flaw was found in the Linux kernel.
network
low complexity
linux redhat canonical debian opensuse netapp
critical
9.8
2019-06-03 CVE-2019-12615 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6.
network
low complexity
linux netapp CWE-476
7.5
2019-06-03 CVE-2019-3846 A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. 8.8
2019-05-28 CVE-2019-5436 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
7.8
2019-05-08 CVE-2019-11815 Use After Free vulnerability in multiple products
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8.
network
high complexity
linux canonical debian opensuse netapp CWE-416
8.1
2019-04-26 CVE-2019-3844 It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set.
local
low complexity
systemd-project canonical netapp
7.8
2019-04-26 CVE-2019-3843 Improper Privilege Management vulnerability in multiple products
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated.
7.8