Vulnerabilities > Netapp > H300S Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-11-15 CVE-2021-42373 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
local
low complexity
busybox fedoraproject netapp CWE-476
5.5
2021-11-15 CVE-2021-42374 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed.
local
high complexity
busybox fedoraproject netapp CWE-125
5.3
2021-11-15 CVE-2021-42375 An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters.
local
low complexity
busybox fedoraproject netapp
5.5
2021-11-15 CVE-2021-42376 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character.
local
low complexity
busybox fedoraproject netapp CWE-476
5.5
2021-11-02 CVE-2017-5123 Improper Input Validation vulnerability in multiple products
Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.
local
low complexity
linux netapp CWE-20
4.6
2021-10-27 CVE-2021-25219 In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance.
network
low complexity
isc debian fedoraproject netapp siemens oracle
5.3
2021-10-26 CVE-2021-41182 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1
2021-10-26 CVE-2021-41183 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1
2021-10-26 CVE-2021-41184 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1
2021-10-21 CVE-2021-42327 Out-of-bounds Write vulnerability in multiple products
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem.
local
low complexity
linux fedoraproject netapp CWE-787
6.7