Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product H300s Firmware
Total 265 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-12770 5 Canonical, Debian, Fedoraproject and 2 more 36 Ubuntu Linux, Debian Linux, Fedora and 33 more 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
CVE-2020-12769 5 Canonical, Debian, Linux and 2 more 36 Ubuntu Linux, Debian Linux, Linux Kernel and 33 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.
CVE-2020-12653 4 Debian, Linux, Netapp and 1 more 35 Debian Linux, Linux Kernel, A700s and 32 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
CVE-2020-12243 8 Apple, Broadcom, Canonical and 5 more 26 Mac Os X, Brocade Fabric Operating System, Ubuntu Linux and 23 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
CVE-2020-11884 5 Canonical, Debian, Fedoraproject and 2 more 35 Ubuntu Linux, Debian Linux, Fedora and 32 more 2024-11-21 6.9 MEDIUM 7.0 HIGH
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
CVE-2020-11023 7 Debian, Drupal, Fedoraproject and 4 more 55 Debian Linux, Drupal, Fedora and 52 more 2024-11-21 4.3 MEDIUM 6.9 MEDIUM
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022 8 Debian, Drupal, Fedoraproject and 5 more 78 Debian Linux, Drupal, Fedora and 75 more 2024-11-21 4.3 MEDIUM 6.9 MEDIUM
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-10732 4 Canonical, Linux, Netapp and 1 more 31 Ubuntu Linux, Linux Kernel, Active Iq Unified Manager and 28 more 2024-11-21 3.6 LOW 3.3 LOW
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
CVE-2020-10690 6 Canonical, Debian, Linux and 3 more 33 Ubuntu Linux, Debian Linux, Linux Kernel and 30 more 2024-11-21 4.4 MEDIUM 6.5 MEDIUM
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.
CVE-2019-2215 5 Canonical, Debian, Google and 2 more 145 Ubuntu Linux, Debian Linux, Android and 142 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
CVE-2019-25045 2 Linux, Netapp 41 Linux Kernel, Aff 8300, Aff 8300 Firmware and 38 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.
CVE-2019-25044 2 Linux, Netapp 21 Linux Kernel, Cloud Backup, H300e and 18 more 2024-11-21 7.2 HIGH 7.8 HIGH
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.
CVE-2019-20388 6 Debian, Fedoraproject, Netapp and 3 more 31 Debian Linux, Fedora, Cloud Backup and 28 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
CVE-2019-16995 3 Linux, Netapp, Opensuse 27 Linux Kernel, Aff A700s, Aff A700s Firmware and 24 more 2024-11-21 7.8 HIGH 7.5 HIGH
In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.
CVE-2019-15538 6 Canonical, Debian, Fedoraproject and 3 more 28 Ubuntu Linux, Debian Linux, Fedora and 25 more 2024-11-21 7.8 HIGH 7.5 HIGH
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.
CVE-2019-14835 8 Canonical, Debian, Fedoraproject and 5 more 44 Ubuntu Linux, Debian Linux, Fedora and 41 more 2024-11-21 7.2 HIGH 7.8 HIGH
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
CVE-2019-14821 8 Canonical, Debian, Fedoraproject and 5 more 38 Ubuntu Linux, Debian Linux, Fedora and 35 more 2024-11-21 7.2 HIGH 8.8 HIGH
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
CVE-2019-14816 7 Canonical, Debian, Fedoraproject and 4 more 54 Ubuntu Linux, Debian Linux, Fedora and 51 more 2024-11-21 7.2 HIGH 7.8 HIGH
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
CVE-2019-14814 6 Canonical, Debian, Linux and 3 more 50 Ubuntu Linux, Debian Linux, Linux Kernel and 47 more 2024-11-21 7.2 HIGH 7.8 HIGH
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
CVE-2018-25032 10 Apple, Azul, Debian and 7 more 37 Mac Os X, Macos, Zulu and 34 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.