Filtered by vendor Netapp
Subscriptions
Filtered by product E-series Santricity Os Controller
Subscriptions
Total
242 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19050 | 5 Broadcom, Canonical, Fedoraproject and 2 more | 22 Fabric Operating System, Ubuntu Linux, Fedora and 19 more | 2024-11-21 | 7.5 High |
| A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1. | ||||
| CVE-2019-19044 | 4 Broadcom, Canonical, Linux and 1 more | 17 Brocade Fabric Operating System Firmware, Ubuntu Linux, Linux Kernel and 14 more | 2024-11-21 | 7.5 High |
| Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762. | ||||
| CVE-2019-18805 | 5 Broadcom, Linux, Netapp and 2 more | 22 Fabric Operating System, Linux Kernel, Active Iq Unified Manager and 19 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. | ||||
| CVE-2019-18683 | 6 Broadcom, Canonical, Debian and 3 more | 23 Fabric Operating System, Ubuntu Linux, Debian Linux and 20 more | 2024-11-21 | 7.0 High |
| An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. | ||||
| CVE-2019-18282 | 4 Debian, Linux, Netapp and 1 more | 21 Debian Linux, Linux Kernel, 8300 and 18 more | 2024-11-21 | 5.3 Medium |
| The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. | ||||
| CVE-2019-17273 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-11-21 | 6.5 Medium |
| E-Series SANtricity OS Controller Software version 11.60.0 is susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in IPv6 environments. | ||||
| CVE-2019-16168 | 9 Canonical, Debian, Fedoraproject and 6 more | 21 Ubuntu Linux, Debian Linux, Fedora and 18 more | 2024-11-21 | 6.5 Medium |
| In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." | ||||
| CVE-2019-13118 | 7 Apple, Canonical, Fedoraproject and 4 more | 25 Icloud, Iphone Os, Itunes and 22 more | 2024-11-21 | 5.3 Medium |
| In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. | ||||
| CVE-2019-13115 | 5 Debian, F5, Fedoraproject and 2 more | 7 Debian Linux, Traffix Systems Signaling Delivery Controller, Fedora and 4 more | 2024-11-21 | 8.1 High |
| In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855. | ||||
| CVE-2019-12265 | 5 Belden, Netapp, Siemens and 2 more | 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more | 2024-11-21 | 5.3 Medium |
| Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. | ||||
| CVE-2019-12263 | 5 Belden, Netapp, Siemens and 2 more | 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more | 2024-11-21 | 8.1 High |
| Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. | ||||
| CVE-2019-12261 | 6 Belden, Netapp, Oracle and 3 more | 51 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 48 more | 2024-11-21 | 9.8 Critical |
| Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host. | ||||
| CVE-2019-12260 | 6 Belden, Netapp, Oracle and 3 more | 51 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 48 more | 2024-11-21 | 9.8 Critical |
| Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option. | ||||
| CVE-2019-12258 | 5 Belden, Netapp, Siemens and 2 more | 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more | 2024-11-21 | 7.5 High |
| Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options. | ||||
| CVE-2019-12257 | 5 Belden, Netapp, Siemens and 2 more | 46 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 43 more | 2024-11-21 | 8.8 High |
| Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. | ||||
| CVE-2019-12256 | 5 Belden, Netapp, Siemens and 2 more | 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more | 2024-11-21 | 9.8 Critical |
| Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options. | ||||
| CVE-2019-12255 | 5 Belden, Netapp, Siemens and 2 more | 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more | 2024-11-21 | 9.8 Critical |
| Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. | ||||
| CVE-2019-11068 | 8 Canonical, Debian, Fedoraproject and 5 more | 23 Ubuntu Linux, Debian Linux, Fedora and 20 more | 2024-11-21 | 9.8 Critical |
| libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. | ||||
| CVE-2018-5968 | 4 Debian, Fasterxml, Netapp and 1 more | 12 Debian Linux, Jackson-databind, E-series Santricity Os Controller and 9 more | 2024-11-21 | 8.1 High |
| FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. | ||||
| CVE-2018-5492 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-11-21 | N/A |
| NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution. | ||||