Vulnerabilities > Netapp > Solidfire > High

DATE CVE VULNERABILITY TITLE RISK
2019-08-25 CVE-2019-15538 Resource Exhaustion vulnerability in multiple products
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9.
7.5
2019-07-17 CVE-2019-13272 In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). 7.8
2019-06-03 CVE-2019-12615 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6.
network
low complexity
linux netapp CWE-476
7.5
2019-06-03 CVE-2019-3846 Heap-based Buffer Overflow vulnerability in multiple products
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
8.8
2019-05-28 CVE-2019-5436 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
7.8
2019-05-08 CVE-2019-11815 Use After Free vulnerability in multiple products
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8.
network
high complexity
linux canonical debian opensuse netapp CWE-416
8.1
2019-04-26 CVE-2019-3844 Privilege Chaining vulnerability in multiple products
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set.
local
low complexity
systemd-project canonical netapp CWE-268
7.8
2019-04-26 CVE-2019-3843 Improper Privilege Management vulnerability in multiple products
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated.
7.8
2019-04-25 CVE-2019-3900 Infinite Loop vulnerability in multiple products
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx().
7.7
2019-04-23 CVE-2019-11486 Race Condition vulnerability in multiple products
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
local
high complexity
linux debian opensuse netapp CWE-362
7.0