Vulnerabilities > Netapp > Solidfire > High

DATE CVE VULNERABILITY TITLE RISK
2019-12-17 CVE-2019-19816 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.
local
low complexity
linux canonical debian netapp CWE-787
7.8
2019-12-17 CVE-2019-19813 Use After Free vulnerability in multiple products
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.
7.1
2019-12-08 CVE-2019-19448 Use After Free vulnerability in multiple products
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
local
low complexity
linux debian canonical netapp CWE-416
7.8
2019-11-28 CVE-2019-18276 Improper Check for Dropped Privileges vulnerability in multiple products
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11.
local
low complexity
gnu netapp oracle CWE-273
7.8
2019-11-25 CVE-2019-14815 Heap-based Buffer Overflow vulnerability in multiple products
A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
local
low complexity
linux redhat netapp CWE-122
7.8
2019-11-18 CVE-2019-19069 Memory Leak vulnerability in multiple products
A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.
network
low complexity
linux canonical netapp broadcom CWE-401
7.8
2019-11-18 CVE-2019-19050 Memory Leak vulnerability in multiple products
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.
7.5
2019-11-07 CVE-2019-18805 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11.
network
low complexity
linux opensuse redhat netapp broadcom CWE-190
7.5
2019-11-04 CVE-2019-18683 Use After Free vulnerability in multiple products
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8.
7.0
2019-10-21 CVE-2019-17498 Integer Overflow or Wraparound vulnerability in multiple products
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read.
8.1