Product:

Cn1610_firmware

(Netapp)
Repositories https://github.com/openbsd/src
https://github.com/torvalds/linux
#Vulnerabilities 22
Date Id Summary Products Score Patch Annotated
2018-08-17 CVE-2018-15473 OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. Ubuntu_linux, Debian_linux, Aff_baseboard_management_controller, Cloud_backup, Clustered_data_ontap, Cn1610_firmware, Data_ontap, Data_ontap_edge, Fas_baseboard_management_controller, Oncommand_unified_manager, Ontap_select_deploy, Service_processor, Steelstore_cloud_integrated_storage, Storage_replication_adapter, Vasa_provider, Virtual_storage_console, Openssh, Sun_zfs_storage_appliance_kit, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Scalance_x204rna_firmware 5.3
2019-03-25 CVE-2019-3874 The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. Ubuntu_linux, Debian_linux, Linux_kernel, Active_iq_unified_manager_for_vmware_vsphere, Cn1610_firmware, Hci_management_node, Snapprotect, Solidfire, Enterprise_linux 6.5
2019-04-24 CVE-2019-3882 A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Active_iq_unified_manager_for_vmware_vsphere, Cn1610_firmware, Hci_management_node, Snapprotect, Solidfire, Storage_replication_adapter_for_clustered_data_ontap_for_vmware_vsphere, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console_for_vmware_vsphere, Leap 5.5
2019-04-22 CVE-2019-3901 A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in... Debian_linux, Linux_kernel, Active_iq_unified_manager_for_vmware_vsphere, Cn1610_firmware, Hci_management_node, Snapprotect, Solidfire, Storage_replication_adapter_for_clustered_data_ontap_for_vmware_vsphere, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console_for_vmware_vsphere 4.7
2019-06-03 CVE-2019-3846 A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, A700s_firmware, Active_iq_unified_manager_for_vmware_vsphere, Cn1610_firmware, H610s_firmware, Hci_management_node, Solidfire, Leap, Enterprise_linux 8.8
2019-06-14 CVE-2019-10126 A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. Ubuntu_linux, Debian_linux, Linux_kernel, A700s_firmware, Active_iq_unified_manager, Cn1610_firmware, H610s_firmware, Hci_management_node, Solidfire, Leap, Enterprise_linux, Enterprise_linux_aus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization 9.8
2017-10-26 CVE-2017-15906 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. Debian_linux, Active_iq_unified_manager, Cloud_backup, Clustered_data_ontap, Cn1610_firmware, Data_ontap_edge, Hci_management_node, Oncommand_unified_manager_core_package, Solidfire, Steelstore_cloud_integrated_storage, Storage_replication_adapter_for_clustered_data_ontap, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Openssh, Sun_zfs_storage_appliance_kit, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 5.3
2019-02-25 CVE-2019-9162 In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper. Ubuntu_linux, Linux_kernel, Cn1610_firmware, Hci_management_node, Snapprotect, Solidfire 7.8
2019-05-08 CVE-2019-11815 An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. Ubuntu_linux, Debian_linux, Linux_kernel, Active_iq_unified_manager, Cn1610_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Snapprotect, Solidfire, Storage_replication_adapter, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Leap 8.1
2019-02-22 CVE-2019-9003 In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop. Ubuntu_linux, Linux_kernel, Cn1610_firmware, Hci_management_node, Snapprotect, Solidfire, Leap 7.5