Filtered by vendor Netapp
Subscriptions
Filtered by product Steelstore Cloud Integrated Storage
Subscriptions
Total
211 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14591 | 2 Intel, Netapp | 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more | 2024-08-05 | 5.5 Medium |
| Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2019-14574 | 2 Intel, Netapp | 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more | 2024-08-05 | 5.5 Medium |
| Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2019-13272 | 6 Canonical, Debian, Fedoraproject and 3 more | 25 Ubuntu Linux, Debian Linux, Fedora and 22 more | 2024-08-04 | 7.8 High |
| In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. | ||||
| CVE-2019-13118 | 7 Apple, Canonical, Fedoraproject and 4 more | 25 Icloud, Iphone Os, Itunes and 22 more | 2024-08-04 | 5.3 Medium |
| In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. | ||||
| CVE-2019-11184 | 2 Intel, Netapp | 482 3106, 3106 Firmware, 4109t and 479 more | 2024-08-04 | 4.8 Medium |
| A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access. | ||||
| CVE-2019-11112 | 2 Intel, Netapp | 4 Graphics Driver, Cloud Backup, Data Availability Services and 1 more | 2024-08-04 | 7.8 High |
| Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-11111 | 2 Intel, Netapp | 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more | 2024-08-04 | 7.8 High |
| Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-11113 | 2 Intel, Netapp | 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more | 2024-08-04 | 4.4 Medium |
| Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka15.45.5077) may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2019-11089 | 2 Intel, Netapp | 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more | 2024-08-04 | 5.5 Medium |
| Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2019-11068 | 8 Canonical, Debian, Fedoraproject and 5 more | 23 Ubuntu Linux, Debian Linux, Fedora and 20 more | 2024-08-04 | 9.8 Critical |
| libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. | ||||
| CVE-2019-9169 | 5 Canonical, Gnu, Mcafee and 2 more | 7 Ubuntu Linux, Glibc, Web Gateway and 4 more | 2024-08-04 | 9.8 Critical |
| In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. | ||||
| CVE-2019-5482 | 7 Debian, Fedoraproject, Haxx and 4 more | 24 Debian Linux, Fedora, Curl and 21 more | 2024-08-04 | 9.8 Critical |
| Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | ||||
| CVE-2019-5436 | 8 Debian, F5, Fedoraproject and 5 more | 15 Debian Linux, Traffix Signaling Delivery Controller, Fedora and 12 more | 2024-08-04 | 7.8 High |
| A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. | ||||
| CVE-2019-5108 | 6 Canonical, Debian, Linux and 3 more | 23 Ubuntu Linux, Debian Linux, Linux Kernel and 20 more | 2024-08-04 | 6.5 Medium |
| An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. | ||||
| CVE-2019-2215 | 5 Canonical, Debian, Google and 2 more | 145 Ubuntu Linux, Debian Linux, Android and 142 more | 2024-08-04 | 7.8 High |
| A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095 | ||||
| CVE-2020-15778 | 4 Broadcom, Netapp, Openbsd and 1 more | 11 Fabric Operating System, A700s, A700s Firmware and 8 more | 2024-08-04 | 7.8 High |
| scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows." | ||||
| CVE-2020-16166 | 8 Canonical, Debian, Fedoraproject and 5 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2024-08-04 | 3.7 Low |
| The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. | ||||
| CVE-2020-15852 | 3 Linux, Netapp, Xen | 5 Linux Kernel, Cloud Backup, Solidfire Baseboard Management Controller and 2 more | 2024-08-04 | 7.8 High |
| An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154. | ||||
| CVE-2020-15025 | 4 Netapp, Ntp, Opensuse and 1 more | 27 8300, 8300 Firmware, 8700 and 24 more | 2024-08-04 | 4.4 Medium |
| ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. | ||||
| CVE-2020-14782 | 6 Debian, Mcafee, Netapp and 3 more | 19 Debian Linux, Epolicy Orchestrator, Active Iq Unified Manager and 16 more | 2024-08-04 | 3.7 Low |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | ||||