Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product H410c
Total 231 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-25044 2 Linux, Netapp 21 Linux Kernel, Cloud Backup, H300e and 18 more 2024-02-28 7.2 HIGH 7.8 HIGH
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.
CVE-2019-25045 2 Linux, Netapp 41 Linux Kernel, Aff 8300, Aff 8300 Firmware and 38 more 2024-02-28 4.6 MEDIUM 7.8 HIGH
An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.
CVE-2020-25671 4 Debian, Fedoraproject, Linux and 1 more 23 Debian Linux, Fedora, Linux Kernel and 20 more 2024-02-28 7.2 HIGH 7.8 HIGH
A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.
CVE-2020-25672 4 Debian, Fedoraproject, Linux and 1 more 23 Debian Linux, Fedora, Linux Kernel and 20 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
A memory leak vulnerability was found in Linux kernel in llcp_sock_connect
CVE-2020-28097 2 Linux, Netapp 18 Linux Kernel, Cloud Backup, H300e and 15 more 2024-02-28 3.6 LOW 5.9 MEDIUM
The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.
CVE-2021-3501 4 Fedoraproject, Linux, Netapp and 1 more 27 Fedora, Linux Kernel, Cloud Backup and 24 more 2024-02-28 3.6 LOW 7.1 HIGH
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.
CVE-2020-35519 2 Linux, Netapp 20 Linux Kernel, Cloud Backup, H300e and 17 more 2024-02-28 6.8 MEDIUM 7.8 HIGH
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2020-36387 2 Linux, Netapp 17 Linux Kernel, H300e, H300e Firmware and 14 more 2024-02-28 7.2 HIGH 7.8 HIGH
An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35.
CVE-2021-3612 6 Debian, Fedoraproject, Linux and 3 more 26 Debian Linux, Fedora, Linux Kernel and 23 more 2024-02-28 7.2 HIGH 7.8 HIGH
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-3541 4 Netapp, Oracle, Redhat and 1 more 27 Active Iq Unified Manager, Cloud Backup, Clustered Data Ontap and 24 more 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
CVE-2021-28691 2 Linux, Netapp 18 Linux Kernel, Cloud Backup, H300e and 15 more 2024-02-28 4.6 MEDIUM 7.8 HIGH
Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.
CVE-2020-25673 3 Fedoraproject, Linux, Netapp 22 Fedora, Linux Kernel, Active Iq Unified Manager and 19 more 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system.
CVE-2021-40490 4 Debian, Fedoraproject, Linux and 1 more 29 Debian Linux, Fedora, Linux Kernel and 26 more 2024-02-28 4.4 MEDIUM 7.0 HIGH
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
CVE-2018-25015 2 Linux, Netapp 17 Linux Kernel, H300e, H300e Firmware and 14 more 2024-02-28 4.6 MEDIUM 7.8 HIGH
An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8.
CVE-2021-3506 3 Debian, Linux, Netapp 20 Debian Linux, Linux Kernel, Cloud Backup and 17 more 2024-02-28 5.6 MEDIUM 7.1 HIGH
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
CVE-2021-23133 5 Broadcom, Debian, Fedoraproject and 2 more 24 Brocade Fabric Operating System, Debian Linux, Fedora and 21 more 2024-02-28 6.9 MEDIUM 7.0 HIGH
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.
CVE-2020-35508 3 Linux, Netapp, Redhat 33 Linux Kernel, A700s, A700s Firmware and 30 more 2024-02-28 4.4 MEDIUM 4.5 MEDIUM
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.
CVE-2021-3483 3 Debian, Linux, Netapp 19 Debian Linux, Linux Kernel, Cloud Backup and 16 more 2024-02-28 4.6 MEDIUM 7.8 HIGH
A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected
CVE-2020-25668 3 Debian, Linux, Netapp 26 Debian Linux, Linux Kernel, 500f and 23 more 2024-02-28 6.9 MEDIUM 7.0 HIGH
A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.
CVE-2020-25670 4 Debian, Fedoraproject, Linux and 1 more 23 Debian Linux, Fedora, Linux Kernel and 20 more 2024-02-28 7.2 HIGH 7.8 HIGH
A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.