Vulnerabilities > Netapp > H300S Firmware > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-15 | CVE-2021-42374 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. | 5.3 |
2021-11-15 | CVE-2021-42375 | An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. | 5.5 |
2021-11-15 | CVE-2021-42376 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. | 5.5 |
2021-10-27 | CVE-2021-25219 | In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. | 5.3 |
2021-10-26 | CVE-2021-41182 | jQuery-UI is the official jQuery user interface library. | 6.1 |
2021-10-26 | CVE-2021-41183 | jQuery-UI is the official jQuery user interface library. | 6.1 |
2021-10-26 | CVE-2021-41184 | jQuery-UI is the official jQuery user interface library. | 6.1 |
2021-10-21 | CVE-2021-42327 | Out-of-bounds Write vulnerability in multiple products dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. | 6.7 |
2021-09-29 | CVE-2021-22947 | Insufficient Verification of Data Authenticity vulnerability in multiple products When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. | 5.9 |
2021-08-05 | CVE-2021-22922 | Improper Handling of Exceptional Conditions vulnerability in multiple products When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. | 6.5 |