Filtered by vendor Netapp
Subscriptions
Filtered by product H410c
Subscriptions
Total
233 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45919 | 3 Linux, Netapp, Redhat | 14 Linux Kernel, H300s, H300s Firmware and 11 more | 2024-11-21 | 7.0 High |
| An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event. | ||||
| CVE-2022-45888 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2024-11-21 | 6.4 Medium |
| An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. | ||||
| CVE-2022-45886 | 3 Linux, Netapp, Redhat | 14 Linux Kernel, H300s, H300s Firmware and 11 more | 2024-11-21 | 7.0 High |
| An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. | ||||
| CVE-2022-45884 | 3 Linux, Netapp, Redhat | 14 Linux Kernel, H300s, H300s Firmware and 11 more | 2024-11-21 | 7.0 High |
| An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. | ||||
| CVE-2022-43945 | 3 Linux, Netapp, Redhat | 14 Linux Kernel, Active Iq Unified Manager, H300s and 11 more | 2024-11-21 | 7.5 High |
| The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | ||||
| CVE-2022-43680 | 5 Debian, Fedoraproject, Libexpat Project and 2 more | 24 Debian Linux, Fedora, Libexpat and 21 more | 2024-11-21 | 7.5 High |
| In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | ||||
| CVE-2022-3202 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2024-11-21 | 7.1 High |
| A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information. | ||||
| CVE-2022-39046 | 2 Gnu, Netapp | 12 Glibc, H300s, H300s Firmware and 9 more | 2024-11-21 | 7.5 High |
| An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap. | ||||
| CVE-2022-36879 | 4 Debian, Linux, Netapp and 1 more | 46 Debian Linux, Linux Kernel, A700s and 43 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. | ||||
| CVE-2022-36123 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2024-11-21 | 7.8 High |
| The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. | ||||
| CVE-2022-34918 | 5 Canonical, Debian, Linux and 2 more | 14 Ubuntu Linux, Debian Linux, Linux Kernel and 11 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. | ||||
| CVE-2022-32250 | 5 Debian, Fedoraproject, Linux and 2 more | 20 Debian Linux, Fedora, Linux Kernel and 17 more | 2024-11-21 | 7.8 High |
| net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. | ||||
| CVE-2022-30594 | 4 Debian, Linux, Netapp and 1 more | 24 Debian Linux, Linux Kernel, 8300 and 21 more | 2024-11-21 | 7.8 High |
| The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | ||||
| CVE-2022-2964 | 3 Linux, Netapp, Redhat | 18 Linux Kernel, H300s, H300s Firmware and 15 more | 2024-11-21 | 7.8 High |
| A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. | ||||
| CVE-2022-2961 | 3 Fedoraproject, Linux, Netapp | 12 Fedora, Linux Kernel, H300s and 9 more | 2024-11-21 | 7.0 High |
| A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||||
| CVE-2022-2938 | 4 Fedoraproject, Linux, Netapp and 1 more | 15 Fedora, Linux Kernel, H300s and 12 more | 2024-11-21 | 7.8 High |
| A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. | ||||
| CVE-2022-2873 | 5 Debian, Fedoraproject, Linux and 2 more | 16 Debian Linux, Fedora, Linux Kernel and 13 more | 2024-11-21 | 5.5 Medium |
| An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. | ||||
| CVE-2022-2318 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2024-11-21 | 5.5 Medium |
| There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. | ||||
| CVE-2022-2274 | 2 Netapp, Openssl | 12 H300s, H300s Firmware, H410c and 9 more | 2024-11-21 | 9.8 Critical |
| The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. | ||||
| CVE-2022-2097 | 6 Debian, Fedoraproject, Netapp and 3 more | 16 Debian Linux, Fedora, Active Iq Unified Manager and 13 more | 2024-11-21 | 5.3 Medium |
| AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). | ||||