Vulnerabilities > Netapp > Solidfire > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-22 CVE-2019-3901 Improper Locking vulnerability in multiple products
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.
local
high complexity
linux debian netapp CWE-667
4.7
2019-03-25 CVE-2019-3874 Resource Exhaustion vulnerability in multiple products
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem.
6.5
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2019-02-25 CVE-2019-9162 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation.
local
low complexity
linux netapp canonical CWE-787
4.6
2019-02-24 CVE-2019-9075 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32.
6.8
2019-02-24 CVE-2019-9074 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32.
4.3
2019-02-24 CVE-2019-9073 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32.
4.3
2019-02-24 CVE-2019-9072 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32.
network
gnu netapp CWE-770
4.3
2019-02-24 CVE-2019-9071 Uncontrolled Recursion vulnerability in multiple products
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32.
4.3
2018-03-06 CVE-2018-7185 The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
network
low complexity
ntp synology canonical netapp hpe oracle
5.0