Netapp Active Iq Unified Manager For Vmware Vsphere vulnerabilities

CVE-2019-3846 [HIGH] CWE-122 CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.

CVE-2019-3900 [HIGH] CWE-835 CVE-2019-3900: An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scena

CVE-2019-3882 [MEDIUM] CWE-770 CVE-2019-3882: A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the u A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.

CVE-2019-3901 [MEDIUM] CWE-667 CVE-2019-3901: A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid prog A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches t

CVE-2019-3874 [MEDIUM] CWE-400 CVE-2019-3874: The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.