Vulnerabilities > Netapp > Solidfire

DATE CVE VULNERABILITY TITLE RISK
2019-02-25 CVE-2019-9162 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation.
local
low complexity
linux netapp canonical CWE-787
7.8
2019-02-24 CVE-2019-9075 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32.
local
low complexity
gnu netapp canonical f5 CWE-787
7.8
2019-02-24 CVE-2019-9074 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32.
local
low complexity
gnu netapp canonical CWE-125
5.5
2019-02-24 CVE-2019-9073 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32.
local
low complexity
gnu netapp canonical CWE-770
5.5
2019-02-24 CVE-2019-9072 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32.
local
low complexity
gnu netapp CWE-770
5.5
2019-02-24 CVE-2019-9071 Uncontrolled Recursion vulnerability in multiple products
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32.
local
low complexity
gnu netapp canonical CWE-674
5.5
2019-02-22 CVE-2019-9003 Use After Free vulnerability in multiple products
In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.
network
low complexity
linux netapp canonical opensuse CWE-416
7.5
2019-02-11 CVE-2019-5736 OS Command Injection vulnerability in multiple products
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec.
8.6
2018-06-26 CVE-2017-7658 HTTP Request Smuggling vulnerability in multiple products
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second.
network
low complexity
eclipse debian oracle hp netapp CWE-444
critical
9.8
2018-03-06 CVE-2018-7185 The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
network
low complexity
ntp synology canonical netapp hpe oracle
7.5