Netapp Virtual Storage Console For Vmware Vsphere vulnerabilities

CVE-2019-3900 [HIGH] CWE-835 CVE-2019-3900: An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scena

CVE-2019-3882 [MEDIUM] CWE-770 CVE-2019-3882: A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the u A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.

CVE-2019-3901 [MEDIUM] CWE-667 CVE-2019-3901: A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid prog A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches t

CVE-2016-5711 [CRITICAL] CVE-2016-5711: NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.