Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product Cloud Backup
Total 322 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25221 2 Linux, Netapp 6 Linux Kernel, Cloud Backup, Hci Compute Node and 3 more 2023-02-02 7.2 HIGH 7.8 HIGH
get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.
CVE-2020-27786 3 Linux, Netapp, Redhat 6 Linux Kernel, Cloud Backup, Solidfire Baseboard Management Controller and 3 more 2023-02-02 7.2 HIGH 7.8 HIGH
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-20197 4 Broadcom, Gnu, Netapp and 1 more 6 Brocade Fabric Operating System Firmware, Binutils, Cloud Backup and 3 more 2023-02-02 3.3 LOW 6.3 MEDIUM
There is an open race window when writing output in the following utilities in GNU binutils1: ar, objcopy, strip, and ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
CVE-2021-20284 2 Gnu, Netapp 3 Binutils, Cloud Backup, Ontap Select Deploy Administration Utility 2023-02-02 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.
CVE-2020-10757 7 Canonical, Debian, Fedoraproject and 4 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2023-02-02 6.9 MEDIUM 7.8 HIGH
A flaw was found in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
CVE-2019-10160 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2023-02-02 5.0 MEDIUM 9.8 CRITICAL
A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.
CVE-2018-16871 3 Linux, Netapp, Redhat 28 Linux Kernel, Cloud Backup, H300e and 25 more 2023-02-02 5.0 MEDIUM 7.5 HIGH
A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.
CVE-2020-35507 4 Broadcom, Gnu, Netapp and 1 more 9 Brocade Fabric Operating System, Binutils, Cloud Backup and 6 more 2023-01-24 4.3 MEDIUM 5.5 MEDIUM
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
CVE-2019-25044 2 Linux, Netapp 21 Linux Kernel, Cloud Backup, H300e and 18 more 2023-01-24 7.2 HIGH 7.8 HIGH
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.
CVE-2019-20054 2 Linux, Netapp 17 Linux Kernel, 8300, 8300 Firmware and 14 more 2023-01-20 4.9 MEDIUM 5.5 MEDIUM
In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.
CVE-2019-19044 4 Broadcom, Canonical, Linux and 1 more 17 Brocade Fabric Operating System Firmware, Ubuntu Linux, Linux Kernel and 14 more 2023-01-20 7.8 HIGH 7.5 HIGH
Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762.
CVE-2019-19060 5 Broadcom, Canonical, Linux and 2 more 18 Brocade Fabric Operating System Firmware, Ubuntu Linux, Linux Kernel and 15 more 2023-01-19 7.8 HIGH 7.5 HIGH
A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.
CVE-2019-19061 4 Broadcom, Canonical, Linux and 1 more 17 Brocade Fabric Operating System Firmware, Ubuntu Linux, Linux Kernel and 14 more 2023-01-19 7.8 HIGH 7.5 HIGH
A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.
CVE-2019-19053 4 Broadcom, Canonical, Linux and 1 more 17 Brocade Fabric Operating System Firmware, Ubuntu Linux, Linux Kernel and 14 more 2023-01-19 7.8 HIGH 7.5 HIGH
A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2.
CVE-2019-19052 7 Broadcom, Canonical, Debian and 4 more 20 Brocade Fabric Operating System Firmware, Ubuntu Linux, Debian Linux and 17 more 2023-01-19 7.8 HIGH 7.5 HIGH
A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.
CVE-2021-28660 4 Debian, Fedoraproject, Linux and 1 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2023-01-19 8.3 HIGH 8.8 HIGH
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.
CVE-2020-25671 4 Debian, Fedoraproject, Linux and 1 more 23 Debian Linux, Fedora, Linux Kernel and 20 more 2023-01-17 7.2 HIGH 7.8 HIGH
A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.
CVE-2020-25670 4 Debian, Fedoraproject, Linux and 1 more 23 Debian Linux, Fedora, Linux Kernel and 20 more 2023-01-17 7.2 HIGH 7.8 HIGH
A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.
CVE-2021-3612 6 Debian, Fedoraproject, Linux and 3 more 26 Debian Linux, Fedora, Linux Kernel and 23 more 2023-01-11 7.2 HIGH 7.8 HIGH
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-41073 4 Debian, Fedoraproject, Linux and 1 more 21 Debian Linux, Fedora, Linux Kernel and 18 more 2023-01-11 7.2 HIGH 7.8 HIGH
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.