Virtual Storage Console For Vmware Vsphere

virtual_storage_console_for_vmware_vsphere

Vendor: Netapp • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-3900 7Canonical DebianFedoraproject+4 more 14Active Iq Unified Manager For Vmware Vsphere Cn1610 FirmwareDebian Linux+11 more Nov 21, 2024 Apr 25, 2019 N/A· v4 7.7 HIGH· v3 6.8 MEDIUM· v2 An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other...Show more An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.Show less
CVE-2019-3882 6Canonical DebianFedoraproject+3 more 13Active Iq Unified Manager For Vmware Vsphere Cn1610 FirmwareDebian Linux+10 more Nov 21, 2024 Apr 24, 2019 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administra...Show more A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.Show less
CVE-2019-3901 3Debian LinuxNetapp 10Active Iq Unified Manager For Vmware Vsphere Cn1610 FirmwareDebian Linux+7 more Nov 21, 2024 Apr 22, 2019 N/A· v4 4.7 MEDIUM· v3 1.9 LOW· v2 A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is poss...Show more A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.Show less
CVE-2016-5711 1Netapp 1Virtual Storage Console For Vmware Vsphere May 13, 2026 Feb 7, 2017 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.