Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Netapp Subscribe
Filtered by product A400
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8835 4 Canonical, Fedoraproject, Linux and 1 more 47 Ubuntu Linux, Fedora, Linux Kernel and 44 more 2023-02-24 7.2 HIGH 7.8 HIGH
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)
CVE-2022-30594 3 Debian, Linux, Netapp 21 Debian Linux, Linux Kernel, 8300 and 18 more 2023-02-23 4.4 MEDIUM 7.8 HIGH
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
CVE-2019-20054 2 Linux, Netapp 17 Linux Kernel, 8300, 8300 Firmware and 14 more 2023-01-20 4.9 MEDIUM 5.5 MEDIUM
In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.
CVE-2022-0742 2 Linux, Netapp 27 Linux Kernel, A400, A400 Firmware and 24 more 2023-01-20 7.8 HIGH 7.5 HIGH
Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.
CVE-2020-29661 6 Broadcom, Debian, Fedoraproject and 3 more 18 Fabric Operating System, Debian Linux, Fedora and 15 more 2023-01-17 7.2 HIGH 7.8 HIGH
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
CVE-2020-15025 4 Netapp, Ntp, Opensuse and 1 more 27 8300, 8300 Firmware, 8700 and 24 more 2022-09-02 4.0 MEDIUM 4.9 MEDIUM
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
CVE-2019-5108 5 Canonical, Debian, Linux and 2 more 21 Ubuntu Linux, Debian Linux, Linux Kernel and 18 more 2022-06-17 3.3 LOW 6.5 MEDIUM
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
CVE-2019-18282 3 Debian, Linux, Netapp 19 Debian Linux, Linux Kernel, 8300 and 16 more 2022-04-18 5.0 MEDIUM 5.3 MEDIUM
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.
CVE-2019-20095 3 Linux, Netapp, Opensuse 19 Linux Kernel, 8300, 8300 Firmware and 16 more 2022-04-18 4.9 MEDIUM 5.5 MEDIUM
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.
CVE-2019-18683 6 Broadcom, Canonical, Debian and 3 more 23 Fabric Operating System, Ubuntu Linux, Debian Linux and 20 more 2022-04-18 6.9 MEDIUM 7.0 HIGH
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
CVE-2019-19965 5 Canonical, Debian, Linux and 2 more 21 Ubuntu Linux, Debian Linux, Linux Kernel and 18 more 2022-03-31 1.9 LOW 4.7 MEDIUM
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
CVE-2020-29660 5 Broadcom, Debian, Fedoraproject and 2 more 17 Fabric Operating System, Debian Linux, Fedora and 14 more 2021-11-30 2.1 LOW 4.4 MEDIUM
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.