Vulnerabilities > Netapp > Solidfire > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-07 CVE-2021-38160 Classic Buffer Overflow vulnerability in multiple products
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size.
local
low complexity
linux netapp debian redhat CWE-120
7.8
2021-08-05 CVE-2021-22926 Improper Certificate Validation vulnerability in multiple products
libcurl-using applications can ask for a specific client certificate to be used in a transfer.
network
low complexity
haxx netapp oracle siemens splunk CWE-295
7.5
2021-07-20 CVE-2021-33909 Integer Overflow or Wraparound vulnerability in multiple products
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
7.8
2021-07-07 CVE-2021-22555 Out-of-bounds Write vulnerability in multiple products
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c.
local
low complexity
linux brocade netapp CWE-787
7.8
2021-05-19 CVE-2021-3517 There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11.
network
low complexity
xmlsoft redhat fedoraproject debian netapp oracle
8.6
2021-04-08 CVE-2021-29154 Command Injection vulnerability in multiple products
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context.
local
low complexity
linux fedoraproject debian netapp CWE-77
7.8
2021-03-05 CVE-2021-28041 Double Free vulnerability in multiple products
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
network
high complexity
openbsd fedoraproject netapp oracle CWE-415
7.1
2021-01-26 CVE-2021-3156 Off-by-one Error vulnerability in multiple products
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
7.8
2021-01-12 CVE-2021-23240 Link Following vulnerability in multiple products
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target.
local
low complexity
sudo-project netapp fedoraproject CWE-59
7.8
2020-12-14 CVE-2020-8286 Improper Certificate Validation vulnerability in multiple products
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
7.5