Filtered by vendor Netapp
Subscriptions
Filtered by product H410c Firmware
Subscriptions
Total
220 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0667 | 2 Isc, Netapp | 17 Bind, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.5 High |
| When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 | ||||
| CVE-2022-0646 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.8 High |
| A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5. | ||||
| CVE-2022-0635 | 2 Isc, Netapp | 17 Bind, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.5 High |
| Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. | ||||
| CVE-2022-0516 | 5 Debian, Fedoraproject, Linux and 2 more | 32 Debian Linux, Fedora, Linux Kernel and 29 more | 2024-11-21 | 7.8 High |
| A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. | ||||
| CVE-2022-0500 | 4 Fedoraproject, Linux, Netapp and 1 more | 21 Fedora, Linux Kernel, H300e and 18 more | 2024-11-21 | 7.8 High |
| A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. | ||||
| CVE-2022-0396 | 5 Fedoraproject, Isc, Netapp and 2 more | 20 Fedora, Bind, H300e and 17 more | 2024-11-21 | 5.3 Medium |
| BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection. | ||||
| CVE-2022-0330 | 4 Fedoraproject, Linux, Netapp and 1 more | 52 Fedora, Linux Kernel, H300e and 49 more | 2024-11-21 | 7.8 High |
| A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. | ||||
| CVE-2022-0185 | 3 Linux, Netapp, Redhat | 20 Linux Kernel, H300e, H300e Firmware and 17 more | 2024-11-21 | 8.4 High |
| A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system. | ||||
| CVE-2021-4204 | 4 Debian, Linux, Netapp and 1 more | 15 Debian Linux, Linux Kernel, H300s and 12 more | 2024-11-21 | 7.1 High |
| An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. | ||||
| CVE-2021-4203 | 4 Linux, Netapp, Oracle and 1 more | 25 Linux Kernel, A700s, A700s Firmware and 22 more | 2024-11-21 | 6.8 Medium |
| A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. | ||||
| CVE-2021-4197 | 6 Broadcom, Debian, Linux and 3 more | 16 Brocade Fabric Operating System Firmware, Debian Linux, Linux Kernel and 13 more | 2024-11-21 | 7.8 High |
| An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. | ||||
| CVE-2021-4090 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.1 High |
| An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system integrity and confidentiality threat. | ||||
| CVE-2021-4083 | 5 Debian, Linux, Netapp and 2 more | 30 Debian Linux, Linux Kernel, H300e and 27 more | 2024-11-21 | 7.0 High |
| A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. | ||||
| CVE-2021-4044 | 3 Netapp, Nodejs, Openssl | 26 500f, 500f Firmware, A250 and 23 more | 2024-11-21 | 7.5 High |
| Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). | ||||
| CVE-2021-45868 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-11-21 | 5.5 Medium |
| In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. | ||||
| CVE-2021-45485 | 4 Linux, Netapp, Oracle and 1 more | 46 Linux Kernel, Aff A400, Aff A400 Firmware and 43 more | 2024-11-21 | 7.5 High |
| In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. | ||||
| CVE-2021-45469 | 4 Debian, Fedoraproject, Linux and 1 more | 19 Debian Linux, Fedora, Linux Kernel and 16 more | 2024-11-21 | 7.8 High |
| In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. | ||||
| CVE-2021-45100 | 3 Ksmbd Project, Linux, Netapp | 18 Ksmbd, Linux Kernel, H300e and 15 more | 2024-11-21 | 7.5 High |
| The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption. | ||||
| CVE-2021-44733 | 5 Debian, Fedoraproject, Linux and 2 more | 20 Debian Linux, Fedora, Linux Kernel and 17 more | 2024-11-21 | 7.0 High |
| A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. | ||||
| CVE-2021-43976 | 6 Debian, Fedoraproject, Linux and 3 more | 24 Debian Linux, Fedora, Linux Kernel and 21 more | 2024-11-21 | 4.6 Medium |
| In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). | ||||