Vulnerabilities > Netapp > Cloud Backup > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-09 CVE-2021-0125 Improper Initialization vulnerability in multiple products
Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.
local
low complexity
netapp intel CWE-665
4.6
2022-02-09 CVE-2021-0156 Improper Input Validation vulnerability in multiple products
Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.
local
low complexity
netapp intel CWE-20
4.6
2022-02-09 CVE-2021-33068 NULL Pointer Dereference vulnerability in multiple products
Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access.
network
low complexity
intel netapp CWE-476
4.0
2021-12-08 CVE-2018-25020 Classic Buffer Overflow vulnerability in multiple products
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow.
local
low complexity
linux netapp CWE-120
4.6
2021-11-17 CVE-2021-43975 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
local
low complexity
linux fedoraproject debian netapp CWE-787
6.7
2021-11-17 CVE-2021-43976 In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). 4.6
2021-11-15 CVE-2021-42373 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
local
low complexity
busybox fedoraproject netapp CWE-476
5.5
2021-11-15 CVE-2021-42374 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed.
local
high complexity
busybox fedoraproject netapp CWE-125
5.3
2021-11-15 CVE-2021-42375 An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters.
local
low complexity
busybox fedoraproject netapp
5.5
2021-11-15 CVE-2021-42376 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character.
local
low complexity
busybox fedoraproject netapp CWE-476
5.5