Lucene search

K
NetappAff A400 Firmware

21 matches found

CVE
CVE
added 2022/05/03 4:15 p.m.1123 views

CVE-2022-1292

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the s...

10CVSS9AI score0.6768EPSS
CVE
CVE
added 2022/06/21 3:15 p.m.1116 views

CVE-2022-2068

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there ...

10CVSS9.2AI score0.7123EPSS
CVE
CVE
added 2021/07/07 12:15 p.m.652 views

CVE-2021-22555

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space

8.3CVSS8.3AI score0.84311EPSS
CVE
CVE
added 2020/06/12 2:15 p.m.502 views

CVE-2020-10732

A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.

4.4CVSS5.6AI score0.00035EPSS
CVE
CVE
added 2021/12/25 2:15 a.m.314 views

CVE-2021-45485

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.

7.5CVSS7.2AI score0.00512EPSS
CVE
CVE
added 2022/07/27 4:15 a.m.311 views

CVE-2022-36879

An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.

5.5CVSS6.2AI score0.00036EPSS
CVE
CVE
added 2020/11/23 9:15 p.m.281 views

CVE-2020-15436

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.

7.2CVSS6.9AI score0.00115EPSS
CVE
CVE
added 2019/12/08 2:15 a.m.248 views

CVE-2019-19448

In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the ...

7.8CVSS7AI score0.00186EPSS
CVE
CVE
added 2019/11/07 2:15 p.m.214 views

CVE-2019-18805

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unsp...

9.8CVSS9.1AI score0.00567EPSS
CVE
CVE
added 2022/05/03 4:15 p.m.213 views

CVE-2022-1473

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will ...

7.5CVSS8.2AI score0.00238EPSS
CVE
CVE
added 2020/04/10 12:15 a.m.209 views

CVE-2020-8832

The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could u...

5.5CVSS6.2AI score0.04704EPSS
CVE
CVE
added 2019/12/17 6:15 a.m.202 views

CVE-2019-19816

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.

9.3CVSS7.1AI score0.00188EPSS
CVE
CVE
added 2021/03/26 5:15 p.m.189 views

CVE-2020-35508

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.

4.5CVSS5.1AI score0.00056EPSS
CVE
CVE
added 2022/05/03 4:15 p.m.181 views

CVE-2022-1343

The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is an...

5.3CVSS7AI score0.00127EPSS
CVE
CVE
added 2019/11/28 12:15 a.m.174 views

CVE-2019-19318

In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,

4.4CVSS6AI score0.0036EPSS
CVE
CVE
added 2022/05/03 4:15 p.m.169 views

CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient...

5.9CVSS7.3AI score0.00059EPSS
CVE
CVE
added 2019/12/17 6:15 a.m.167 views

CVE-2019-19813

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_m...

7.1CVSS5.7AI score0.01528EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.150 views

CVE-2019-19050

A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.

7.8CVSS7.5AI score0.00909EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.110 views

CVE-2019-19069

A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.

7.8CVSS6.8AI score0.00932EPSS
CVE
CVE
added 2021/06/07 8:15 p.m.103 views

CVE-2019-25045

An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.

7.8CVSS7AI score0.00139EPSS
CVE
CVE
added 2022/08/18 8:15 p.m.55 views

CVE-2021-33060

Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8CVSS7.7AI score0.00139EPSS