Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product H410s
Total 290 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25668 3 Debian, Linux, Netapp 26 Debian Linux, Linux Kernel, 500f and 23 more 2024-02-28 6.9 MEDIUM 7.0 HIGH
A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.
CVE-2020-25670 4 Debian, Fedoraproject, Linux and 1 more 23 Debian Linux, Fedora, Linux Kernel and 20 more 2024-02-28 7.2 HIGH 7.8 HIGH
A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.
CVE-2021-28660 4 Debian, Fedoraproject, Linux and 1 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2024-02-28 8.3 HIGH 8.8 HIGH
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.
CVE-2020-27618 4 Debian, Gnu, Netapp and 1 more 24 Debian Linux, Glibc, 500f and 21 more 2024-02-28 2.1 LOW 5.5 MEDIUM
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
CVE-2020-15025 4 Netapp, Ntp, Opensuse and 1 more 27 8300, 8300 Firmware, 8700 and 24 more 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
CVE-2020-11884 5 Canonical, Debian, Fedoraproject and 2 more 35 Ubuntu Linux, Debian Linux, Fedora and 32 more 2024-02-28 6.9 MEDIUM 7.0 HIGH
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
CVE-2020-12771 6 Canonical, Debian, Linux and 3 more 37 Ubuntu Linux, Debian Linux, Linux Kernel and 34 more 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
CVE-2020-10732 4 Canonical, Linux, Netapp and 1 more 31 Ubuntu Linux, Linux Kernel, Active Iq Unified Manager and 28 more 2024-02-28 3.6 LOW 4.4 MEDIUM
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
CVE-2020-12653 4 Debian, Linux, Netapp and 1 more 35 Debian Linux, Linux Kernel, A700s and 32 more 2024-02-28 4.6 MEDIUM 7.8 HIGH
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
CVE-2020-13143 5 Canonical, Debian, Linux and 2 more 38 Ubuntu Linux, Debian Linux, Linux Kernel and 35 more 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
CVE-2020-8835 4 Canonical, Fedoraproject, Linux and 1 more 47 Ubuntu Linux, Fedora, Linux Kernel and 44 more 2024-02-28 7.2 HIGH 7.8 HIGH
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)
CVE-2020-13817 4 Fujitsu, Netapp, Ntp and 1 more 40 M10-1, M10-1 Firmware, M10-4 and 37 more 2024-02-28 5.8 MEDIUM 7.4 HIGH
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
CVE-2019-20636 2 Linux, Netapp 18 Linux Kernel, Cloud Backup, Fas 8300 and 15 more 2024-02-28 7.2 HIGH 6.7 MEDIUM
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.
CVE-2020-12888 6 Canonical, Debian, Fedoraproject and 3 more 39 Ubuntu Linux, Debian Linux, Fedora and 36 more 2024-02-28 4.7 MEDIUM 5.3 MEDIUM
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
CVE-2020-12770 5 Canonical, Debian, Fedoraproject and 2 more 36 Ubuntu Linux, Debian Linux, Fedora and 33 more 2024-02-28 4.6 MEDIUM 6.7 MEDIUM
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
CVE-2020-10690 6 Canonical, Debian, Linux and 3 more 33 Ubuntu Linux, Debian Linux, Linux Kernel and 30 more 2024-02-28 4.4 MEDIUM 6.4 MEDIUM
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.
CVE-2020-11022 8 Debian, Drupal, Fedoraproject and 5 more 78 Debian Linux, Drupal, Fedora and 75 more 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-12243 8 Apple, Broadcom, Canonical and 5 more 26 Mac Os X, Brocade Fabric Operating System, Ubuntu Linux and 23 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
CVE-2020-8832 2 Canonical, Netapp 60 Ubuntu Linux, Aff 8300, Aff 8300 Firmware and 57 more 2024-02-28 2.1 LOW 5.5 MEDIUM
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.
CVE-2020-12769 5 Canonical, Debian, Linux and 2 more 36 Ubuntu Linux, Debian Linux, Linux Kernel and 33 more 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.