Netapp Aff A400 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Netapp Aff A400 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2019-18805 — CVSS 9.8 (critical): An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer…
CVE-2021-33060 — CVSS 7.8 (high): Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of…
CVE-2019-19448 — CVSS 7.8 (high): In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs…
CVE-2019-19816 — CVSS 7.8 (high): In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write…
CVE-2019-25045 — CVSS 7.8 (high): An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic…
CVE-2019-19050 — CVSS 7.5 (high): A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause…
CVE-2021-45485 — CVSS 7.5 (high): In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a…
CVE-2022-1473 — CVSS 7.5 (high): The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash…
CVE-2019-19069 — CVSS 7.5 (high): A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause…
CVE-2022-1292 — CVSS 7.3 (high): The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some…
CVE-2022-2068 — CVSS 7.3 (high): In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not…
CVE-2020-15436 — CVSS 6.7 (medium): Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of…
CVE-2022-1434 — CVSS 5.9 (medium): The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially…
CVE-2022-36879 — CVSS 5.5 (medium): An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be…
CVE-2019-19813 — CVSS 5.5 (medium): In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can…
CVE-2020-8832 — CVSS 5.5 (medium): The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context…
CVE-2022-1343 — CVSS 5.3 (medium): The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag…
CVE-2020-35508 — CVSS 4.5 (medium): A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process…
CVE-2019-19318 — CVSS 4.4 (medium): In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in…
CVE-2020-10732 — CVSS 3.3 (low): A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a…