Filtered by vendor Netapp Subscriptions
Filtered by product A700s Subscriptions
Total 30 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-20095 4 Linux, Netapp, Opensuse and 1 more 21 Linux Kernel, 8300, 8300 Firmware and 18 more 2024-08-05 5.5 Medium
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.
CVE-2019-19965 5 Canonical, Debian, Linux and 2 more 21 Ubuntu Linux, Debian Linux, Linux Kernel and 18 more 2024-08-05 4.7 Medium
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
CVE-2019-19448 4 Canonical, Debian, Linux and 1 more 27 Ubuntu Linux, Debian Linux, Linux Kernel and 24 more 2024-08-05 7.8 High
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
CVE-2019-18683 6 Broadcom, Canonical, Debian and 3 more 23 Fabric Operating System, Ubuntu Linux, Debian Linux and 20 more 2024-08-05 7.0 High
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
CVE-2019-18282 4 Debian, Linux, Netapp and 1 more 21 Debian Linux, Linux Kernel, 8300 and 18 more 2024-08-05 5.3 Medium
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.
CVE-2019-14816 7 Canonical, Debian, Fedoraproject and 4 more 60 Ubuntu Linux, Debian Linux, Fedora and 57 more 2024-08-05 7.8 High
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
CVE-2019-14814 6 Canonical, Debian, Linux and 3 more 50 Ubuntu Linux, Debian Linux, Linux Kernel and 47 more 2024-08-05 7.8 High
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
CVE-2019-10126 6 Canonical, Debian, Linux and 3 more 29 Ubuntu Linux, Debian Linux, Linux Kernel and 26 more 2024-08-04 9.8 Critical
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.
CVE-2019-5108 6 Canonical, Debian, Linux and 3 more 23 Ubuntu Linux, Debian Linux, Linux Kernel and 20 more 2024-08-04 6.5 Medium
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
CVE-2019-3846 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2024-08-04 8.8 High
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
CVE-2020-35508 3 Linux, Netapp, Redhat 34 Linux Kernel, A700s, A700s Firmware and 31 more 2024-08-04 4.5 Medium
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.
CVE-2020-29660 6 Broadcom, Debian, Fedoraproject and 3 more 18 Fabric Operating System, Debian Linux, Fedora and 15 more 2024-08-04 4.4 Medium
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
CVE-2020-29661 7 Broadcom, Debian, Fedoraproject and 4 more 25 Fabric Operating System, Debian Linux, Fedora and 22 more 2024-08-04 7.8 High
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
CVE-2020-15778 4 Broadcom, Netapp, Openbsd and 1 more 11 Fabric Operating System, A700s, A700s Firmware and 8 more 2024-08-04 7.8 High
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
CVE-2020-15436 4 Broadcom, Linux, Netapp and 1 more 37 Brocade Fabric Operating System Firmware, Linux Kernel, A250 and 34 more 2024-08-04 6.7 Medium
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
CVE-2020-13143 5 Canonical, Debian, Linux and 2 more 38 Ubuntu Linux, Debian Linux, Linux Kernel and 35 more 2024-08-04 6.5 Medium
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
CVE-2020-12888 7 Canonical, Debian, Fedoraproject and 4 more 45 Ubuntu Linux, Debian Linux, Fedora and 42 more 2024-08-04 5.3 Medium
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
CVE-2020-12769 5 Canonical, Debian, Linux and 2 more 36 Ubuntu Linux, Debian Linux, Linux Kernel and 33 more 2024-08-04 5.5 Medium
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.
CVE-2020-12771 6 Canonical, Debian, Linux and 3 more 37 Ubuntu Linux, Debian Linux, Linux Kernel and 34 more 2024-08-04 5.5 Medium
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
CVE-2020-12770 6 Canonical, Debian, Fedoraproject and 3 more 42 Ubuntu Linux, Debian Linux, Fedora and 39 more 2024-08-04 6.7 Medium
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.