Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Solidfire
(Netapp)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/opencontainers/runc • https://github.com/madler/zlib • https://github.com/openbsd/src |
| #Vulnerabilities | 192 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-02-24 | CVE-2019-9072 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c. | Binutils, Hci_management_node, Solidfire | 5.5 | ||
| 2019-02-24 | CVE-2019-9074 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. | Ubuntu_linux, Binutils, Hci_management_node, Solidfire | 5.5 | ||
| 2019-02-24 | CVE-2019-9075 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. | Ubuntu_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_policy_webaccelerator, Big\-Ip_webaccelerator, Binutils, Hci_management_node, Solidfire | 7.8 | ||
| 2019-05-08 | CVE-2019-11815 | An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. | Ubuntu_linux, Debian_linux, Linux_kernel, Active_iq_unified_manager, Cn1610_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Snapprotect, Solidfire, Storage_replication_adapter, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Leap | 8.1 | ||
| 2019-09-30 | CVE-2019-16995 | In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. | Linux_kernel, Aff_a700s_firmware, Data_availability_services, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Service_processor, Solidfire, Steelstore_cloud_integrated_storage, Leap | 7.5 | ||
| 2020-10-22 | CVE-2019-17006 | In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. | Network_security_services, Hci_compute_node, Hci_management_node, Hci_storage_node, Solidfire, Ruggedcom_rox_mx5000_firmware, Ruggedcom_rox_rx1400_firmware, Ruggedcom_rox_rx1500_firmware, Ruggedcom_rox_rx1501_firmware, Ruggedcom_rox_rx1510_firmware, Ruggedcom_rox_rx1511_firmware, Ruggedcom_rox_rx1512_firmware, Ruggedcom_rox_rx5000_firmware | 9.8 | ||
| 2019-11-18 | CVE-2019-19069 | A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99. | Fabric_operating_system, Ubuntu_linux, Linux_kernel, Active_iq_unified_manager, Aff_a400_firmware, Aff_a700s_firmware, Data_availability_services, E\-Series_santricity_os_controller, Fas8300_firmware, Fas8700_firmware, H610s_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Solidfire, Steelstore_cloud_integrated_storage | 7.5 | ||
| 2019-11-07 | CVE-2019-18805 | An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. | Fabric_operating_system, Linux_kernel, Active_iq_unified_manager, Aff_a400_firmware, Aff_a700s_firmware, Data_availability_services, E\-Series_santricity_os_controller, Fas8300_firmware, Fas8700_firmware, H610s_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Solidfire, Steelstore_cloud_integrated_storage, Leap, Enterprise_linux | 9.8 | ||
| 2019-02-22 | CVE-2019-9003 | In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop. | Ubuntu_linux, Linux_kernel, Cn1610_firmware, Hci_management_node, Snapprotect, Solidfire, Leap | 7.5 | ||
| 2019-03-27 | CVE-2019-10125 | An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free. | Linux_kernel, Active_iq_unified_manager, Cn1610_firmware, Hci_management_node, Snapprotect, Solidfire | 9.8 |