Element Software Management Node NetApp Element Software Management Node

stack.watch can notify you when security vulnerabilities are reported in NetApp Element Software Management Node. You can add multiple products that you use with Element Software Management Node to create your own personal software stack watcher.

By the Year

In 2020 there have been 0 vulnerabilities in NetApp Element Software Management Node . Last year Element Software Management Node had 6 security vulnerabilities published. Right now, Element Software Management Node is on track to have less security vulerabilities in 2020 than it did last year.

Year Vulnerabilities Average Score
2020 0 0.00
2019 6 6.28
2018 2 9.00

It may take a day or so for new Element Software Management Node vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest NetApp Element Software Management Node Security Vulnerabilities

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account

CVE-2019-14287 8.8 - High - October 17, 2019

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.

CVE-2019-14287 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90

CVE-2018-20449 5.5 - Medium - April 04, 2019

The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file.

CVE-2018-20449 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

CVE-2019-7221 7.8 - High - March 21, 2019

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

CVE-2019-7221 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

CVE-2019-7222 5.5 - Medium - March 21, 2019

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

CVE-2019-7222 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read

CVE-2018-19985 4.6 - Medium - March 21, 2019

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.

CVE-2018-19985 can be explotited with physical access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 0.9 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Out-of-bounds Read

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13

CVE-2019-5489 5.5 - Medium - January 07, 2019

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.

CVE-2019-5489 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

Logic bug in Intel Converged Security Management Engine 11.x may

CVE-2018-3627 8.2 - High - July 10, 2018

Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access.

CVE-2018-3627 can be explotited with local system access, and requires user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.5 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

In Eclipse Jetty

CVE-2017-7657 9.8 - Critical - June 26, 2018

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

CVE-2017-7657 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Integer Overflow or Wraparound