Filtered by vendor Netapp
Subscribe
Filtered by product Steelstore Cloud Integrated Storage
Subscribe
Total
211 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19447 | 2 Linux, Netapp | 7 Linux Kernel, Active Iq Unified Manager, Cloud Backup and 4 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. | |||||
| CVE-2019-19816 | 4 Canonical, Debian, Linux and 1 more | 18 Ubuntu Linux, Debian Linux, Linux Kernel and 15 more | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. | |||||
| CVE-2019-20386 | 5 Canonical, Fedoraproject, Netapp and 2 more | 7 Ubuntu Linux, Fedora, Active Iq Unified Manager and 4 more | 2024-02-28 | 2.1 LOW | 2.4 LOW |
| An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. | |||||
| CVE-2020-8992 | 4 Canonical, Linux, Netapp and 1 more | 11 Ubuntu Linux, Linux Kernel, Active Iq Unified Manager and 8 more | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. | |||||
| CVE-2019-18282 | 3 Debian, Linux, Netapp | 19 Debian Linux, Linux Kernel, 8300 and 16 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. | |||||
| CVE-2019-19947 | 4 Canonical, Debian, Linux and 1 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
| In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. | |||||
| CVE-2019-20330 | 4 Debian, Fasterxml, Netapp and 1 more | 30 Debian Linux, Jackson-databind, Active Iq Unified Manager and 27 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. | |||||
| CVE-2019-14591 | 2 Intel, Netapp | 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2019-11089 | 2 Intel, Netapp | 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2019-19377 | 2 Linux, Netapp | 5 Linux Kernel, Active Iq Unified Manager, Cloud Backup and 2 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. | |||||
| CVE-2019-14590 | 2 Intel, Netapp | 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-20054 | 2 Linux, Netapp | 17 Linux Kernel, 8300, 8300 Firmware and 14 more | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. | |||||
| CVE-2019-17267 | 5 Debian, Fasterxml, Netapp and 2 more | 13 Debian Linux, Jackson-databind, Active Iq Unified Manager and 10 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. | |||||
| CVE-2020-10029 | 6 Canonical, Debian, Fedoraproject and 3 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. | |||||
| CVE-2020-7595 | 7 Canonical, Debian, Fedoraproject and 4 more | 32 Ubuntu Linux, Debian Linux, Fedora and 29 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | |||||
| CVE-2019-20388 | 6 Debian, Fedoraproject, Netapp and 3 more | 31 Debian Linux, Fedora, Cloud Backup and 28 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | |||||
| CVE-2020-9391 | 3 Fedoraproject, Linux, Netapp | 10 Fedora, Linux Kernel, Active Iq Unified Manager and 7 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation. | |||||
| CVE-2019-11111 | 2 Intel, Netapp | 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-19050 | 5 Broadcom, Canonical, Fedoraproject and 2 more | 22 Fabric Operating System, Ubuntu Linux, Fedora and 19 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1. | |||||
| CVE-2020-2583 | 7 Canonical, Debian, Mcafee and 4 more | 24 Ubuntu Linux, Debian Linux, Epolicy Orchestrator and 21 more | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||