Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
NetappCn1610 Firmware

16 matches found

CVE
CVEadded 2019/02/27 11:29 p.m.779 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is receiv...

5.9CVSS6.3AI score0.04426EPSS
CVE
CVEadded 2019/06/03 7:29 p.m.564 views

CVE-2019-3846

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.

8.8CVSS9.1AI score0.00324EPSS
CVE
CVEadded 2019/04/25 3:29 p.m.418 views

CVE-2019-3900

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to st...

7.7CVSS8.4AI score0.00118EPSS
CVE
CVEadded 2019/06/14 2:29 p.m.413 views

CVE-2019-10126

A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.

9.8CVSS9.8AI score0.00873EPSS
CVE
CVEadded 2019/03/21 4:0 p.m.390 views

CVE-2018-20669

An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resultin...

7.8CVSS7.2AI score0.00098EPSS
CVE
CVEadded 2019/05/08 2:29 p.m.368 views

CVE-2019-11815

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

9.3CVSS7.5AI score0.01592EPSS
CVE
CVEadded 2019/04/24 4:29 p.m.326 views

CVE-2019-3882

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion...

5.5CVSS6.3AI score0.00038EPSS
CVE
CVEadded 2019/03/25 7:29 p.m.321 views

CVE-2019-3874

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.

6.5CVSS6.7AI score0.00056EPSS
CVE
CVEadded 2019/02/22 3:29 p.m.245 views

CVE-2019-9003

In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.

7.8CVSS7.3AI score0.07134EPSS
CVE
CVEadded 2019/04/22 4:29 p.m.206 views

CVE-2019-3901

A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid e...

5.6CVSS5.4AI score0.00072EPSS
CVE
CVEadded 2019/02/25 11:29 p.m.198 views

CVE-2019-9162

In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_versio...

7.8CVSS7.1AI score0.00188EPSS
CVE
CVEadded 2019/04/26 9:29 p.m.166 views

CVE-2019-3844

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will ...

7.8CVSS7.4AI score0.00175EPSS
CVE
CVEadded 2019/06/03 10:29 p.m.163 views

CVE-2019-12615

An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).

7.8CVSS7AI score0.02025EPSS
CVE
CVEadded 2019/04/26 9:29 p.m.139 views

CVE-2019-3843

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially differ...

7.8CVSS7.2AI score0.0014EPSS
CVE
CVEadded 2019/03/27 6:29 a.m.109 views

CVE-2019-10125

An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.

10CVSS8.9AI score0.04265EPSS
CVE
CVEadded 2019/05/17 4:29 a.m.88 views

CVE-2018-20839

systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.

4.3CVSS9.1AI score0.00668EPSS