Vulnerabilities > Netapp > H300E Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-08 CVE-2018-25020 Classic Buffer Overflow vulnerability in multiple products
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow.
local
low complexity
linux netapp CWE-120
4.6
2021-11-17 CVE-2021-43975 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
local
low complexity
linux fedoraproject debian netapp CWE-787
6.7
2021-11-17 CVE-2021-43976 In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). 4.6
2021-11-15 CVE-2021-42373 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
local
low complexity
busybox fedoraproject netapp CWE-476
5.5
2021-11-15 CVE-2021-42374 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed.
local
high complexity
busybox fedoraproject netapp CWE-125
5.3
2021-11-15 CVE-2021-42375 An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters.
local
low complexity
busybox fedoraproject netapp
5.5
2021-11-15 CVE-2021-42376 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character.
local
low complexity
busybox fedoraproject netapp CWE-476
5.5
2021-11-02 CVE-2017-5123 Improper Input Validation vulnerability in multiple products
Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.
local
low complexity
linux netapp CWE-20
4.6
2021-10-27 CVE-2021-25219 In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance.
network
low complexity
isc debian fedoraproject netapp siemens oracle
5.3
2021-10-26 CVE-2021-41182 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1