Vulnerabilities > Netapp > AFF 500F Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-07-27 CVE-2022-36879 An issue was discovered in the Linux kernel through 5.18.14.
local
low complexity
linux debian netapp
5.5
2022-05-03 CVE-2022-1343 Improper Certificate Validation vulnerability in multiple products
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response.
network
low complexity
openssl netapp CWE-295
5.3
2022-05-03 CVE-2022-1434 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key.
network
high complexity
openssl netapp CWE-327
5.9
2021-07-07 CVE-2021-22555 Out-of-bounds Write vulnerability in multiple products
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c.
local
low complexity
linux brocade netapp CWE-787
4.6
2021-04-29 CVE-2021-25216 Out-of-bounds Read vulnerability in multiple products
In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features.
6.8
2021-04-29 CVE-2021-25214 Reachable Assertion vulnerability in multiple products
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.
network
low complexity
isc debian fedoraproject siemens netapp CWE-617
6.5
2021-03-22 CVE-2021-28971 Improper Handling of Exceptional Conditions vulnerability in multiple products
In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.
local
low complexity
linux fedoraproject debian netapp CWE-755
5.5
2021-03-20 CVE-2021-28951 Improper Locking vulnerability in multiple products
An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8.
local
low complexity
linux fedoraproject netapp CWE-667
5.5
2020-11-23 CVE-2020-15436 Use After Free vulnerability in multiple products
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
local
low complexity
linux broadcom netapp CWE-416
6.7