Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Active_iq_performance_analytics_services
(Netapp)| Repositories | https://github.com/torvalds/linux |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-01-07 | CVE-2019-5489 | The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. | Linux_kernel, Active_iq_performance_analytics_services, Element_software_management_node | 5.5 | ||
| 2019-07-26 | CVE-2018-20855 | An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. | Linux_kernel, Active_iq_performance_analytics_services, Active_iq_unified_manager, Data_availability_services, Element_software, Leap | N/A | ||
| 2019-09-04 | CVE-2019-15902 | A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. | Debian_linux, Linux_kernel, Active_iq_performance_analytics_services, Baseboard_management_controller_firmware, Service_processor, Leap | N/A | ||
| 2019-03-21 | CVE-2018-19985 | The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space. | Debian_linux, Linux_kernel, Active_iq_performance_analytics_services, Element_software_management_node | 4.6 | ||
| 2018-09-21 | CVE-2018-16597 | An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem. | Linux_kernel, Active_iq_performance_analytics_services, Element_software, Leap | 5.5 | ||
| 2018-12-13 | CVE-2018-19039 | Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | Grafana, Active_iq_performance_analytics_services, Storagegrid_webscale_nas_bridge, Ceph_storage, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
| 2018-12-13 | CVE-2018-19039 | Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | Grafana, Active_iq_performance_analytics_services, Storagegrid_webscale_nas_bridge, Ceph_storage, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
| 2018-06-11 | CVE-2018-12099 | Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | Grafana, Active_iq_performance_analytics_services, Storagegrid_webscale_nas_bridge | 6.1 | ||
| 2019-03-25 | CVE-2019-7612 | A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message. | Logstash, Active_iq_performance_analytics_services | 9.8 |