Vulnerabilities > Netapp > H300S Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2021-12-16 CVE-2021-45100 Cleartext Transmission of Sensitive Information vulnerability in multiple products
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled.
network
low complexity
ksmbd-project netapp CWE-319
7.5
2021-12-14 CVE-2021-4044 Infinite Loop vulnerability in multiple products
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server.
network
low complexity
openssl netapp nodejs CWE-835
7.5
2021-12-08 CVE-2018-25020 Classic Buffer Overflow vulnerability in multiple products
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow.
local
low complexity
linux netapp CWE-120
7.8
2021-11-15 CVE-2021-43618 Integer Overflow or Wraparound vulnerability in multiple products
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
network
low complexity
gmplib debian netapp CWE-190
7.5
2021-11-02 CVE-2017-5123 Improper Input Validation vulnerability in multiple products
Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.
local
low complexity
linux netapp CWE-20
8.8
2021-10-28 CVE-2021-43057 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.14.8.
local
low complexity
linux netapp CWE-416
7.8
2021-10-11 CVE-2021-42252 An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6.
local
low complexity
linux netapp
7.8
2021-10-05 CVE-2021-42008 Out-of-bounds Write vulnerability in multiple products
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write.
local
low complexity
linux netapp debian CWE-787
7.8
2021-10-02 CVE-2021-41864 Integer Overflow or Wraparound vulnerability in multiple products
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
local
low complexity
linux fedoraproject netapp debian CWE-190
7.8
2021-09-29 CVE-2021-22946 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl).
7.5