Filtered by vendor Netapp Subscriptions
Filtered by product H300s Subscriptions
Total 289 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-44733 5 Debian, Fedoraproject, Linux and 2 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2024-11-21 7.0 High
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
CVE-2021-43976 6 Debian, Fedoraproject, Linux and 3 more 24 Debian Linux, Fedora, Linux Kernel and 21 more 2024-11-21 4.6 Medium
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
CVE-2021-43618 4 Debian, Gmplib, Netapp and 1 more 16 Debian Linux, Gmp, Active Iq Unified Manager and 13 more 2024-11-21 7.5 High
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
CVE-2021-43267 4 Fedoraproject, Linux, Netapp and 1 more 19 Fedora, Linux Kernel, H300e and 16 more 2024-11-21 9.8 Critical
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
CVE-2021-43057 2 Linux, Netapp 17 Linux Kernel, H300e, H300e Firmware and 14 more 2024-11-21 7.8 High
An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task.
CVE-2021-42377 3 Busybox, Fedoraproject, Netapp 19 Busybox, Fedora, Cloud Backup and 16 more 2024-11-21 9.8 Critical
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
CVE-2021-42376 3 Busybox, Fedoraproject, Netapp 19 Busybox, Fedora, Cloud Backup and 16 more 2024-11-21 5.5 Medium
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.
CVE-2021-42375 3 Busybox, Fedoraproject, Netapp 19 Busybox, Fedora, Cloud Backup and 16 more 2024-11-21 5.5 Medium
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
CVE-2021-42374 3 Busybox, Fedoraproject, Netapp 19 Busybox, Fedora, Cloud Backup and 16 more 2024-11-21 5.3 Medium
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that
CVE-2021-42373 3 Busybox, Fedoraproject, Netapp 19 Busybox, Fedora, Cloud Backup and 16 more 2024-11-21 5.5 Medium
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
CVE-2021-42327 3 Fedoraproject, Linux, Netapp 18 Fedora, Linux Kernel, H300e and 15 more 2024-11-21 6.7 Medium
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer.
CVE-2021-42252 2 Linux, Netapp 19 Linux Kernel, H300e, H300e Firmware and 16 more 2024-11-21 7.8 High
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.
CVE-2021-42008 3 Debian, Linux, Netapp 20 Debian Linux, Linux Kernel, H300e and 17 more 2024-11-21 7.8 High
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
CVE-2021-41864 5 Debian, Fedoraproject, Linux and 2 more 25 Debian Linux, Fedora, Linux Kernel and 22 more 2024-11-21 7.8 High
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
CVE-2021-41184 7 Drupal, Fedoraproject, Jqueryui and 4 more 36 Drupal, Fedora, Jquery Ui and 33 more 2024-11-21 6.5 Medium
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CVE-2021-41183 8 Debian, Drupal, Fedoraproject and 5 more 37 Debian Linux, Drupal, Fedora and 34 more 2024-11-21 6.5 Medium
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
CVE-2021-41182 8 Debian, Drupal, Fedoraproject and 5 more 38 Debian Linux, Drupal, Fedora and 35 more 2024-11-21 6.5 Medium
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
CVE-2021-41073 4 Debian, Fedoraproject, Linux and 1 more 21 Debian Linux, Fedora, Linux Kernel and 18 more 2024-11-21 7.8 High
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
CVE-2021-40490 4 Debian, Fedoraproject, Linux and 1 more 29 Debian Linux, Fedora, Linux Kernel and 26 more 2024-11-21 7.0 High
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
CVE-2021-3999 4 Debian, Gnu, Netapp and 1 more 16 Debian Linux, Glibc, E-series Performance Analyzer and 13 more 2024-11-21 7.8 High
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.