Vulnerabilities > Netapp > H300S Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-07-05 CVE-2022-2097 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances.
5.3
2022-07-04 CVE-2022-34918 Type Confusion vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.18.9.
local
low complexity
linux debian canonical netapp CWE-843
7.8
2022-07-01 CVE-2022-2274 Out-of-bounds Write vulnerability in multiple products
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
network
low complexity
openssl netapp CWE-787
critical
9.8
2022-06-21 CVE-2022-2068 OS Command Injection vulnerability in multiple products
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review.
network
low complexity
openssl debian fedoraproject siemens netapp broadcom CWE-78
critical
9.8
2022-06-09 CVE-2022-1998 Use After Free vulnerability in multiple products
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user().
local
low complexity
linux fedoraproject redhat netapp CWE-416
7.8
2022-06-02 CVE-2022-32250 Use After Free vulnerability in multiple products
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
local
low complexity
linux fedoraproject debian netapp CWE-416
7.8
2022-06-02 CVE-2022-1652 Use After Free vulnerability in multiple products
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function.
local
low complexity
linux redhat debian netapp CWE-416
7.8
2022-06-02 CVE-2022-1786 Type Confusion vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring.
local
low complexity
linux netapp CWE-843
7.8
2022-06-02 CVE-2022-27774 Insufficiently Protected Credentials vulnerability in multiple products
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
network
low complexity
haxx debian netapp brocade splunk CWE-522
5.7
2022-06-02 CVE-2022-27775 An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
network
low complexity
haxx debian netapp brocade splunk
7.5