Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product H410s
Total 290 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-1838 2 Linux, Netapp 6 Linux Kernel, H300s, H410c and 3 more 2024-02-28 N/A 7.1 HIGH
A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.
CVE-2023-2898 3 Debian, Linux, Netapp 12 Debian Linux, Linux Kernel, H300s and 9 more 2024-02-28 N/A 4.7 MEDIUM
There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.
CVE-2022-40303 3 Apple, Netapp, Xmlsoft 22 Ipados, Iphone Os, Macos and 19 more 2024-02-28 N/A 7.5 HIGH
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
CVE-2022-40304 3 Apple, Netapp, Xmlsoft 22 Ipados, Iphone Os, Macos and 19 more 2024-02-28 N/A 7.8 HIGH
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
CVE-2023-26545 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-02-28 N/A 4.7 MEDIUM
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
CVE-2022-45934 4 Debian, Fedoraproject, Linux and 1 more 13 Debian Linux, Fedora, Linux Kernel and 10 more 2024-02-28 N/A 7.8 HIGH
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-47519 3 Debian, Linux, Netapp 12 Debian Linux, Linux Kernel, H300s and 9 more 2024-02-28 N/A 7.8 HIGH
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.
CVE-2022-47521 3 Debian, Linux, Netapp 12 Debian Linux, Linux Kernel, H300s and 9 more 2024-02-28 N/A 7.8 HIGH
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames.
CVE-2023-28466 3 Debian, Linux, Netapp 7 Debian Linux, Linux Kernel, H300s and 4 more 2024-02-28 N/A 7.0 HIGH
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
CVE-2022-47518 3 Debian, Linux, Netapp 12 Debian Linux, Linux Kernel, H300s and 9 more 2024-02-28 N/A 7.8 HIGH
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.
CVE-2022-47520 3 Debian, Linux, Netapp 12 Debian Linux, Linux Kernel, H300s and 9 more 2024-02-28 N/A 7.1 HIGH
An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.
CVE-2022-31160 5 Debian, Drupal, Fedoraproject and 2 more 15 Debian Linux, Jquery Ui Checkboxradio, Fedora and 12 more 2024-02-28 N/A 6.1 MEDIUM
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.
CVE-2021-3999 3 Debian, Gnu, Netapp 15 Debian Linux, Glibc, E-series Performance Analyzer and 12 more 2024-02-28 N/A 7.8 HIGH
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
CVE-2022-1199 3 Linux, Netapp, Redhat 13 Linux Kernel, Active Iq Unified Manager, H300s and 10 more 2024-02-28 N/A 7.5 HIGH
A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.
CVE-2022-3202 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-02-28 N/A 7.1 HIGH
A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.
CVE-2022-39046 2 Gnu, Netapp 12 Glibc, H300s, H300s Firmware and 9 more 2024-02-28 N/A 5.3 MEDIUM
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
CVE-2022-2938 4 Fedoraproject, Linux, Netapp and 1 more 13 Fedora, Linux Kernel, H300s and 10 more 2024-02-28 N/A 7.8 HIGH
A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.
CVE-2022-3649 3 Debian, Linux, Netapp 11 Debian Linux, Linux Kernel, Active Iq Unified Manager and 8 more 2024-02-28 N/A 7.0 HIGH
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.
CVE-2022-36879 3 Debian, Linux, Netapp 43 Debian Linux, Linux Kernel, A700s and 40 more 2024-02-28 N/A 5.5 MEDIUM
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
CVE-2022-43945 2 Linux, Netapp 12 Linux Kernel, Active Iq Unified Manager, H300s and 9 more 2024-02-28 N/A 7.5 HIGH
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H