Vulnerabilities > Netapp > A250 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2024-1086 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. | 7.8 |
| 2023-02-03 | CVE-2023-25136 | Double Free vulnerability in multiple products OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. | 6.5 |
| 2022-05-03 | CVE-2022-1292 | OS Command Injection vulnerability in multiple products The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. | 9.8 |
| 2022-05-03 | CVE-2022-1343 | Improper Certificate Validation vulnerability in multiple products The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. | 5.3 |
| 2022-05-03 | CVE-2022-1434 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. | 5.9 |
| 2022-05-03 | CVE-2022-1473 | Incomplete Cleanup vulnerability in multiple products The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. | 7.5 |
| 2022-03-15 | CVE-2022-0778 | Infinite Loop vulnerability in multiple products The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. | 7.5 |
| 2021-12-14 | CVE-2021-4044 | Infinite Loop vulnerability in multiple products Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. | 7.5 |
| 2021-05-26 | CVE-2020-25668 | Improper Synchronization vulnerability in multiple products A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. | 7.0 |
| 2021-04-29 | CVE-2021-31879 | Open Redirect vulnerability in multiple products GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. | 6.1 |