CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2019-14815 – kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS
https://notcve.org/view.php?id=CVE-2019-14815
17 Oct 2019 — A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver. Se encontró una vulnerabilidad en Linux Kernel, donde se encontró un desbordamiento de pila en la función mwifiex_set_wmm_params () del controlador Marvell Wifi. A vulnerability found in the Linux kernel's WMM implementation for Marvell WiFi-based hardware (mwifiex) could lead to a denial of service or allow arbitrary code execution. For this flaw to be executed, the attack... • https://access.redhat.com/errata/RHSA-2020:0174 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 6%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15517
https://notcve.org/view.php?id=CVE-2017-15517
17 Nov 2017 — AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution. AltaVault OST Plug-in en versiones anteriores a la 1.2.2 podría permitir que los atacantes obtengan información sensible mediante vectores no especificados. Se recomienda a todos los usuarios migrar a una versión corregida y camb... • https://security.netapp.com/advisory/ntap-20171116-0001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3998
https://notcve.org/view.php?id=CVE-2016-3998
03 Jul 2017 — NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. NetApp AltaVault versión 4.1 y anteriores permite a atacantes del tipo man-in-the-middle obtener información confidencial, obtener privilegios o provocar una denegación de servicio a través de vectores relacionados con el protocolo SMB. • https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products • CWE-264: Permissions, Privileges, and Access Controls •