Solidfire

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-26	CVE-2019-3844	Privilege Chaining vulnerability in multiple products It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. local low complexity systemd-project canonical netapp CWE-268	7.8
2019-04-26	CVE-2019-3843	Improper Privilege Management vulnerability in multiple products It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. local low complexity systemd-project fedoraproject canonical netapp CWE-269	7.8
2019-04-25	CVE-2019-3900	Infinite Loop vulnerability in multiple products An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). network low complexity linux fedoraproject redhat debian canonical netapp oracle CWE-835	7.7
2019-04-24	CVE-2019-3882	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. local low complexity linux fedoraproject debian canonical opensuse netapp CWE-770	5.5
2019-04-23	CVE-2019-11486	Race Condition vulnerability in multiple products The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. local high complexity linux debian opensuse netapp CWE-362	7.0
2019-04-22	CVE-2019-3901	Improper Locking vulnerability in multiple products A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. local high complexity linux debian netapp CWE-667	4.7
2019-04-10	CVE-2019-11068	libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. network low complexity xmlsoft canonical debian fedoraproject oracle netapp opensuse critical	9.8
2019-03-27	CVE-2019-10125	Use After Free vulnerability in multiple products An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. network low complexity linux netapp CWE-416 critical	10.0
2019-03-25	CVE-2019-3874	Resource Exhaustion vulnerability in multiple products The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. low complexity linux debian redhat canonical netapp CWE-400	6.5
2019-03-22	CVE-2019-9924	Missing Authorization vulnerability in multiple products rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. local low complexity gnu debian opensuse netapp canonical CWE-862	7.2