Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product H300s Firmware
Total 265 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-23915 3 Haxx, Netapp, Splunk 12 Curl, Active Iq Unified Manager, Clustered Data Ontap and 9 more 2024-03-27 N/A 6.5 MEDIUM
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS.
CVE-2023-23916 5 Debian, Fedoraproject, Haxx and 2 more 13 Debian Linux, Fedora, Curl and 10 more 2024-03-27 N/A 6.5 MEDIUM
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
CVE-2023-27533 4 Fedoraproject, Haxx, Netapp and 1 more 13 Fedora, Curl, Active Iq Unified Manager and 10 more 2024-03-27 N/A 8.8 HIGH
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.
CVE-2023-27534 5 Broadcom, Fedoraproject, Haxx and 2 more 13 Brocade Fabric Operating System Firmware, Fedora, Curl and 10 more 2024-03-27 N/A 8.8 HIGH
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
CVE-2023-27535 5 Debian, Fedoraproject, Haxx and 2 more 14 Debian Linux, Fedora, Libcurl and 11 more 2024-03-27 N/A 5.9 MEDIUM
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.
CVE-2023-27536 5 Debian, Fedoraproject, Haxx and 2 more 14 Debian Linux, Fedora, Libcurl and 11 more 2024-03-27 N/A 5.9 MEDIUM
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.
CVE-2023-27537 4 Broadcom, Haxx, Netapp and 1 more 13 Brocade Fabric Operating System Firmware, Libcurl, Active Iq Unified Manager and 10 more 2024-03-27 N/A 5.9 MEDIUM
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.
CVE-2023-27538 6 Broadcom, Debian, Fedoraproject and 3 more 15 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 12 more 2024-03-27 N/A 5.5 MEDIUM
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.
CVE-2023-33250 2 Linux, Netapp 9 Linux Kernel, H300s, H300s Firmware and 6 more 2024-03-25 N/A 4.4 MEDIUM
The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.
CVE-2022-45919 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-03-25 N/A 7.0 HIGH
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
CVE-2022-45888 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-03-25 N/A 6.4 MEDIUM
An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.
CVE-2022-45887 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-03-25 N/A 4.7 MEDIUM
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
CVE-2022-45886 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-03-25 N/A 7.0 HIGH
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
CVE-2022-45885 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-03-25 N/A 7.0 HIGH
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
CVE-2022-45884 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-03-25 N/A 7.0 HIGH
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.
CVE-2022-23222 4 Debian, Fedoraproject, Linux and 1 more 19 Debian Linux, Fedora, Linux Kernel and 16 more 2024-03-25 7.2 HIGH 7.8 HIGH
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
CVE-2021-44733 5 Debian, Fedoraproject, Linux and 2 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2024-03-25 4.4 MEDIUM 7.0 HIGH
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
CVE-2021-43976 5 Debian, Fedoraproject, Linux and 2 more 23 Debian Linux, Fedora, Linux Kernel and 20 more 2024-03-25 2.1 LOW 4.6 MEDIUM
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
CVE-2021-42327 3 Fedoraproject, Linux, Netapp 18 Fedora, Linux Kernel, H300e and 15 more 2024-03-25 4.6 MEDIUM 6.7 MEDIUM
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer.
CVE-2021-33200 3 Fedoraproject, Linux, Netapp 19 Fedora, Linux Kernel, Cloud Backup and 16 more 2024-03-25 7.2 HIGH 7.8 HIGH
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.