Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product H410c
Total 231 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-0330 4 Fedoraproject, Linux, Netapp and 1 more 46 Fedora, Linux Kernel, H300e and 43 more 2024-02-28 4.6 MEDIUM 7.8 HIGH
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2022-25636 4 Debian, Linux, Netapp and 1 more 13 Debian Linux, Linux Kernel, H300e and 10 more 2024-02-28 6.9 MEDIUM 7.8 HIGH
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
CVE-2022-29156 2 Linux, Netapp 17 Linux Kernel, H300e, H300e Firmware and 14 more 2024-02-28 7.2 HIGH 7.8 HIGH
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.
CVE-2022-1353 4 Debian, Linux, Netapp and 1 more 19 Debian Linux, Linux Kernel, H300e and 16 more 2024-02-28 3.6 LOW 7.1 HIGH
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
CVE-2021-3752 6 Debian, Fedoraproject, Linux and 3 more 27 Debian Linux, Fedora, Linux Kernel and 24 more 2024-02-28 7.9 HIGH 7.1 HIGH
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2022-23308 6 Apple, Debian, Fedoraproject and 3 more 44 Ipados, Iphone Os, Mac Os X and 41 more 2024-02-28 4.3 MEDIUM 7.5 HIGH
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
CVE-2022-28796 4 Fedoraproject, Linux, Netapp and 1 more 24 Fedora, Linux Kernel, Active Iq Unified Manager and 21 more 2024-02-28 6.9 MEDIUM 7.0 HIGH
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
CVE-2022-0646 2 Linux, Netapp 17 Linux Kernel, H300e, H300e Firmware and 14 more 2024-02-28 7.2 HIGH 7.8 HIGH
A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5.
CVE-2022-24958 4 Debian, Fedoraproject, Linux and 1 more 19 Debian Linux, Fedora, Linux Kernel and 16 more 2024-02-28 4.6 MEDIUM 7.8 HIGH
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.
CVE-2022-0396 4 Fedoraproject, Isc, Netapp and 1 more 19 Fedora, Bind, H300e and 16 more 2024-02-28 4.3 MEDIUM 5.3 MEDIUM
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
CVE-2022-1183 2 Isc, Netapp 11 Bind, H300s, H300s Firmware and 8 more 2024-02-28 4.3 MEDIUM 7.5 HIGH
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.
CVE-2021-3760 4 Debian, Fedoraproject, Linux and 1 more 19 Debian Linux, Fedora, Linux Kernel and 16 more 2024-02-28 7.2 HIGH 7.8 HIGH
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.
CVE-2021-3640 5 Canonical, Debian, Fedoraproject and 2 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2024-02-28 6.9 MEDIUM 7.0 HIGH
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.
CVE-2022-1652 4 Debian, Linux, Netapp and 1 more 13 Debian Linux, Linux Kernel, H300s and 10 more 2024-02-28 7.2 HIGH 7.8 HIGH
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-4203 3 Linux, Netapp, Oracle 23 Linux Kernel, A700s, A700s Firmware and 20 more 2024-02-28 4.9 MEDIUM 6.8 MEDIUM
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
CVE-2018-25032 10 Apple, Azul, Debian and 7 more 37 Mac Os X, Macos, Zulu and 34 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVE-2022-0998 2 Linux, Netapp 17 Linux Kernel, H300e, H300e Firmware and 14 more 2024-02-28 7.2 HIGH 7.8 HIGH
An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-27666 5 Debian, Fedoraproject, Linux and 2 more 21 Debian Linux, Fedora, Linux Kernel and 18 more 2024-02-28 4.6 MEDIUM 7.8 HIGH
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
CVE-2022-0516 5 Debian, Fedoraproject, Linux and 2 more 31 Debian Linux, Fedora, Linux Kernel and 28 more 2024-02-28 4.6 MEDIUM 7.8 HIGH
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.
CVE-2022-1586 4 Fedoraproject, Netapp, Pcre and 1 more 17 Fedora, Active Iq Unified Manager, H300s and 14 more 2024-02-28 6.4 MEDIUM 9.1 CRITICAL
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.