Filtered by vendor Netapp Subscriptions
Filtered by product H300s Firmware Subscriptions
Total 265 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-1199 3 Linux, Netapp, Redhat 13 Linux Kernel, Active Iq Unified Manager, H300s and 10 more 2024-08-02 7.5 High
A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.
CVE-2022-1116 2 Linux, Netapp 9 Linux Kernel, H300s, H300s Firmware and 6 more 2024-08-02 7.8 High
Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions.
CVE-2022-1055 5 Canonical, Fedoraproject, Linux and 2 more 22 Ubuntu Linux, Fedora, Linux Kernel and 19 more 2024-08-02 7.8 High
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
CVE-2022-1048 4 Debian, Linux, Netapp and 1 more 22 Debian Linux, Linux Kernel, H300e and 19 more 2024-08-02 7.0 High
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-1011 6 Debian, Fedoraproject, Linux and 3 more 39 Debian Linux, Fedora, Linux Kernel and 36 more 2024-08-02 7.8 High
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
CVE-2022-0998 2 Linux, Netapp 17 Linux Kernel, H300e, H300e Firmware and 14 more 2024-08-02 7.8 High
An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-0995 3 Fedoraproject, Linux, Netapp 24 Fedora, Linux Kernel, H300e and 21 more 2024-08-02 7.8 High
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.
CVE-2022-0847 7 Fedoraproject, Linux, Netapp and 4 more 42 Fedora, Linux Kernel, H300e and 39 more 2024-08-02 7.8 High
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
CVE-2022-0742 2 Linux, Netapp 27 Linux Kernel, A400, A400 Firmware and 24 more 2024-08-02 9.1 Critical
Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.
CVE-2022-0646 2 Linux, Netapp 17 Linux Kernel, H300e, H300e Firmware and 14 more 2024-08-02 7.8 High
A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5.
CVE-2022-0516 5 Debian, Fedoraproject, Linux and 2 more 32 Debian Linux, Fedora, Linux Kernel and 29 more 2024-08-02 7.8 High
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.
CVE-2022-0500 4 Fedoraproject, Linux, Netapp and 1 more 21 Fedora, Linux Kernel, H300e and 18 more 2024-08-02 7.8 High
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.
CVE-2022-0435 5 Fedoraproject, Linux, Netapp and 2 more 40 Fedora, Linux Kernel, H300e and 37 more 2024-08-02 8.8 High
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.
CVE-2022-0330 4 Fedoraproject, Linux, Netapp and 1 more 52 Fedora, Linux Kernel, H300e and 49 more 2024-08-02 7.8 High
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2023-40791 2 Linux, Netapp 9 Linux Kernel, H300s, H300s Firmware and 6 more 2024-08-02 6.3 Medium
extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.
CVE-2023-35788 5 Canonical, Debian, Linux and 2 more 20 Ubuntu Linux, Debian Linux, Linux Kernel and 17 more 2024-08-02 7.8 High
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
CVE-2023-33250 2 Linux, Netapp 9 Linux Kernel, H300s, H300s Firmware and 6 more 2024-08-02 4.4 Medium
The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.
CVE-2023-28464 3 Linux, Netapp, Redhat 7 Linux Kernel, H300s Firmware, H410c Firmware and 4 more 2024-08-02 7.8 High
hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
CVE-2023-28322 5 Apple, Fedoraproject, Haxx and 2 more 17 Macos, Fedora, Curl and 14 more 2024-08-02 3.7 Low
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
CVE-2023-28321 6 Apple, Debian, Fedoraproject and 3 more 17 Macos, Debian Linux, Fedora and 14 more 2024-08-02 5.9 Medium
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.