Filtered by vendor Netapp
Subscriptions
Filtered by product H300s Firmware
Subscriptions
Total
265 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25220 | 6 Fedoraproject, Isc, Juniper and 3 more | 50 Fedora, Bind, Junos and 47 more | 2024-09-16 | 6.8 Medium |
| BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. | ||||
| CVE-2023-4813 | 4 Fedoraproject, Gnu, Netapp and 1 more | 23 Fedora, Glibc, Active Iq Unified Manager and 20 more | 2024-09-16 | 5.9 Medium |
| A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. | ||||
| CVE-2023-4527 | 4 Fedoraproject, Gnu, Netapp and 1 more | 32 Fedora, Glibc, H300s and 29 more | 2024-09-16 | 6.5 Medium |
| A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. | ||||
| CVE-2023-4273 | 5 Debian, Fedoraproject, Linux and 2 more | 12 Debian Linux, Fedora, Linux Kernel and 9 more | 2024-09-16 | 6 Medium |
| A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. | ||||
| CVE-2022-0185 | 3 Linux, Netapp, Redhat | 20 Linux Kernel, H300e, H300e Firmware and 17 more | 2024-09-04 | 8.4 High |
| A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system. | ||||
| CVE-2023-32252 | 3 Linux, Netapp, Redhat | 12 Linux Kernel, H300s, H300s Firmware and 9 more | 2024-08-27 | 7.5 High |
| A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. | ||||
| CVE-2022-27780 | 3 Haxx, Netapp, Splunk | 15 Curl, Clustered Data Ontap, H300s and 12 more | 2024-08-07 | 7.5 High |
| The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more. | ||||
| CVE-2017-5123 | 2 Linux, Netapp | 16 Linux Kernel, Cloud Backup, H300e and 13 more | 2024-08-05 | 8.8 High |
| Insufficient data validation in waitid allowed an user to escape sandboxes on Linux. | ||||
| CVE-2018-25020 | 2 Linux, Netapp | 18 Linux Kernel, Cloud Backup, H300e and 15 more | 2024-08-05 | 7.8 High |
| The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. | ||||
| CVE-2018-25032 | 11 Apple, Azul, Debian and 8 more | 45 Mac Os X, Macos, Zulu and 42 more | 2024-08-05 | 7.5 High |
| zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | ||||
| CVE-2018-25015 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-08-05 | 7.8 High |
| An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8. | ||||
| CVE-2018-16871 | 3 Linux, Netapp, Redhat | 31 Linux Kernel, Cloud Backup, H300e and 28 more | 2024-08-05 | 7.5 High |
| A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. | ||||
| CVE-2019-25045 | 2 Linux, Netapp | 41 Linux Kernel, Aff 8300, Aff 8300 Firmware and 38 more | 2024-08-05 | 7.8 High |
| An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46. | ||||
| CVE-2019-25044 | 2 Linux, Netapp | 21 Linux Kernel, Cloud Backup, H300e and 18 more | 2024-08-05 | 7.8 High |
| The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue. | ||||
| CVE-2019-20388 | 7 Debian, Fedoraproject, Netapp and 4 more | 34 Debian Linux, Fedora, Cloud Backup and 31 more | 2024-08-05 | 7.5 High |
| xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | ||||
| CVE-2019-16995 | 3 Linux, Netapp, Opensuse | 27 Linux Kernel, Aff A700s, Aff A700s Firmware and 24 more | 2024-08-05 | 7.5 High |
| In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. | ||||
| CVE-2019-15538 | 7 Canonical, Debian, Fedoraproject and 4 more | 29 Ubuntu Linux, Debian Linux, Fedora and 26 more | 2024-08-05 | 7.5 High |
| An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. | ||||
| CVE-2019-14835 | 8 Canonical, Debian, Fedoraproject and 5 more | 49 Ubuntu Linux, Debian Linux, Fedora and 46 more | 2024-08-05 | 7.8 High |
| A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. | ||||
| CVE-2019-14821 | 8 Canonical, Debian, Fedoraproject and 5 more | 41 Ubuntu Linux, Debian Linux, Fedora and 38 more | 2024-08-05 | 8.8 High |
| An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. | ||||
| CVE-2019-14816 | 7 Canonical, Debian, Fedoraproject and 4 more | 60 Ubuntu Linux, Debian Linux, Fedora and 57 more | 2024-08-05 | 7.8 High |
| There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. | ||||