Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product H300s Firmware
Total 265 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2318 3 Debian, Linux, Netapp 12 Debian Linux, Linux Kernel, H300s and 9 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.
CVE-2022-2274 2 Netapp, Openssl 12 H300s, H300s Firmware, H410c and 9 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.
CVE-2022-2097 5 Debian, Fedoraproject, Netapp and 2 more 15 Debian Linux, Fedora, Active Iq Unified Manager and 12 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).
CVE-2022-2068 6 Broadcom, Debian, Fedoraproject and 3 more 43 Sannav, Debian Linux, Fedora and 40 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
CVE-2022-29968 3 Fedoraproject, Linux, Netapp 13 Fedora, Linux Kernel, H300s and 10 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.
CVE-2022-29824 5 Debian, Fedoraproject, Netapp and 2 more 24 Debian Linux, Fedora, Active Iq Unified Manager and 21 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
CVE-2022-29581 4 Canonical, Debian, Linux and 1 more 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more 2024-11-21 7.2 HIGH 7.8 HIGH
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
CVE-2022-29156 2 Linux, Netapp 17 Linux Kernel, H300e, H300e Firmware and 14 more 2024-11-21 7.2 HIGH 7.8 HIGH
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.
CVE-2022-29155 3 Debian, Netapp, Openldap 14 Debian Linux, H300s, H300s Firmware and 11 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
CVE-2022-28893 3 Debian, Linux, Netapp 22 Debian Linux, Linux Kernel, H300e and 19 more 2024-11-21 7.2 HIGH 7.8 HIGH
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
CVE-2022-28796 4 Fedoraproject, Linux, Netapp and 1 more 24 Fedora, Linux Kernel, Active Iq Unified Manager and 21 more 2024-11-21 6.9 MEDIUM 7.0 HIGH
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
CVE-2022-28389 4 Debian, Fedoraproject, Linux and 1 more 19 Debian Linux, Fedora, Linux Kernel and 16 more 2024-11-21 2.1 LOW 5.5 MEDIUM
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28388 4 Debian, Fedoraproject, Linux and 1 more 19 Debian Linux, Fedora, Linux Kernel and 16 more 2024-11-21 2.1 LOW 5.5 MEDIUM
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-27781 4 Debian, Haxx, Netapp and 1 more 16 Debian Linux, Curl, Clustered Data Ontap and 13 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
CVE-2022-27780 3 Haxx, Netapp, Splunk 15 Curl, Clustered Data Ontap, H300s and 12 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.
CVE-2022-27779 3 Haxx, Netapp, Splunk 15 Curl, Clustered Data Ontap, H300s and 12 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.
CVE-2022-27778 4 Haxx, Netapp, Oracle and 1 more 19 Curl, Active Iq Unified Manager, Bh500s Firmware and 16 more 2024-11-21 5.8 MEDIUM 8.1 HIGH
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
CVE-2022-27776 6 Brocade, Debian, Fedoraproject and 3 more 18 Fabric Operating System, Debian Linux, Fedora and 15 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
CVE-2022-27775 5 Brocade, Debian, Haxx and 2 more 17 Fabric Operating System, Debian Linux, Curl and 14 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
CVE-2022-27774 5 Brocade, Debian, Haxx and 2 more 17 Fabric Operating System, Debian Linux, Curl and 14 more 2024-11-21 3.5 LOW 5.7 MEDIUM
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.