Cn1610 Firmware Security Vulnerabilities and Issues — Cn1610 Firmware CVE List

Lucene search

NetappCn1610 Firmware

8 matches found

CVE•added 2018/08/28 8:29 a.m.•12653 views

CVE-2018-15919

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "ora...

5.3CVSS5.3AI score0.01233EPSS

CVE•added 2017/10/26 3:29 a.m.•10541 views

CVE-2017-15906

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

5.3CVSS5.5AI score0.02761EPSS

CVE•added 2018/08/17 7:29 p.m.•4797 views

CVE-2018-15473

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

5.3CVSS5.8AI score0.90473EPSS

CVE•added 2019/02/27 11:29 p.m.•784 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is receiv...

5.9CVSS6.3AI score0.04426EPSS

CVE•added 2018/10/29 1:29 p.m.•465 views

CVE-2018-0735

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

5.9CVSS5.7AI score0.07042EPSS

CVE•added 2018/10/30 12:29 p.m.•464 views

CVE-2018-0734

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0....

5.9CVSS5.9AI score0.06051EPSS

CVE•added 2019/04/24 4:29 p.m.•326 views

CVE-2019-3882

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion...

5.5CVSS6.3AI score0.00038EPSS

CVE•added 2019/04/22 4:29 p.m.•206 views

CVE-2019-3901

A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid e...

5.6CVSS5.4AI score0.00072EPSS