Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Netapp Subscribe
Filtered by product Element Software Management Node
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-7222 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2023-02-28 2.1 LOW 5.5 MEDIUM
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
CVE-2019-14287 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2022-04-18 9.0 HIGH 8.8 HIGH
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
CVE-2017-7657 5 Debian, Eclipse, Hp and 2 more 18 Debian Linux, Jetty, Xp P9000 and 15 more 2021-07-20 7.5 HIGH 9.8 CRITICAL
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
CVE-2018-3627 2 Intel, Netapp 26 Converged Security Management Engine Firmware, Core I3, Core I5 and 23 more 2021-05-07 4.6 MEDIUM 8.2 HIGH
Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access.
CVE-2019-7221 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2020-10-15 4.6 MEDIUM 7.8 HIGH
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVE-2019-5489 2 Linux, Netapp 3 Linux Kernel, Active Iq Performance Analytics Services, Element Software Management Node 2020-08-24 2.1 LOW 5.5 MEDIUM
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.
CVE-2017-3135 4 Debian, Isc, Netapp and 1 more 10 Debian Linux, Bind, Data Ontap Edge and 7 more 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
CVE-2018-19985 3 Debian, Linux, Netapp 4 Debian Linux, Linux Kernel, Active Iq Performance Analytics Services and 1 more 2019-09-02 2.1 LOW 4.6 MEDIUM
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.
CVE-2018-20449 2 Linux, Netapp 2 Linux Kernel, Element Software Management Node 2019-05-02 2.1 LOW 5.5 MEDIUM
The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file.