Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product H300s Firmware
Total 265 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3753 3 Linux, Netapp, Redhat 18 Linux Kernel, Active Iq Unified Manager, Bootstrap Os and 15 more 2024-11-21 1.9 LOW 4.7 MEDIUM
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
CVE-2021-3752 6 Debian, Fedoraproject, Linux and 3 more 27 Debian Linux, Fedora, Linux Kernel and 24 more 2024-11-21 7.9 HIGH 7.1 HIGH
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-3743 4 Fedoraproject, Linux, Netapp and 1 more 21 Fedora, Linux Kernel, H300e and 18 more 2024-11-21 3.6 LOW 7.1 HIGH
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
CVE-2021-3739 3 Fedoraproject, Linux, Netapp 18 Fedora, Linux Kernel, H300e and 15 more 2024-11-21 3.6 LOW 7.1 HIGH
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability.
CVE-2021-3640 5 Canonical, Debian, Fedoraproject and 2 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2024-11-21 6.9 MEDIUM 7.0 HIGH
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.
CVE-2021-3612 6 Debian, Fedoraproject, Linux and 3 more 26 Debian Linux, Fedora, Linux Kernel and 23 more 2024-11-21 7.2 HIGH 7.8 HIGH
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-3609 3 Linux, Netapp, Redhat 43 Linux Kernel, H300e, H300e Firmware and 40 more 2024-11-21 6.9 MEDIUM 7.0 HIGH
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.
CVE-2021-3541 4 Netapp, Oracle, Redhat and 1 more 27 Active Iq Unified Manager, Cloud Backup, Clustered Data Ontap and 24 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
CVE-2021-3506 3 Debian, Linux, Netapp 20 Debian Linux, Linux Kernel, Cloud Backup and 17 more 2024-11-21 5.6 MEDIUM 7.1 HIGH
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
CVE-2021-3501 4 Fedoraproject, Linux, Netapp and 1 more 27 Fedora, Linux Kernel, Cloud Backup and 24 more 2024-11-21 3.6 LOW 7.1 HIGH
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.
CVE-2021-3483 3 Debian, Linux, Netapp 19 Debian Linux, Linux Kernel, Cloud Backup and 16 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected
CVE-2021-38300 3 Debian, Linux, Netapp 19 Debian Linux, Linux Kernel, Cloud Backup and 16 more 2024-11-21 7.2 HIGH 7.8 HIGH
arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.
CVE-2021-34866 2 Linux, Netapp 17 Linux Kernel, H300e, H300e Firmware and 14 more 2024-11-21 7.2 HIGH 7.8 HIGH
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689.
CVE-2021-33574 4 Debian, Fedoraproject, Gnu and 1 more 20 Debian Linux, Fedora, Glibc and 17 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
CVE-2021-33200 3 Fedoraproject, Linux, Netapp 19 Fedora, Linux Kernel, Cloud Backup and 16 more 2024-11-21 7.2 HIGH 7.8 HIGH
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.
CVE-2021-32399 3 Debian, Linux, Netapp 19 Debian Linux, Linux Kernel, Cloud Backup and 16 more 2024-11-21 4.4 MEDIUM 7.0 HIGH
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
CVE-2021-31440 2 Linux, Netapp 18 Linux Kernel, Cloud Backup, H300e and 15 more 2024-11-21 6.9 MEDIUM 7.0 HIGH
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661.
CVE-2021-29154 4 Debian, Fedoraproject, Linux and 1 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2024-11-21 7.2 HIGH 7.8 HIGH
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
CVE-2021-28691 2 Linux, Netapp 18 Linux Kernel, Cloud Backup, H300e and 15 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.
CVE-2021-28660 4 Debian, Fedoraproject, Linux and 1 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2024-11-21 8.3 HIGH 8.8 HIGH
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.