Virtual Storage Console For Vmware Vsphere
Monthly
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. Rated medium severity (CVSS 4.7).
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. Rated medium severity (CVSS 4.7).
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.