Vulnerabilities > Netapp > H300S Firmware > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-05 | CVE-2021-22923 | Insufficiently Protected Credentials vulnerability in multiple products When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. | 5.3 |
2021-08-05 | CVE-2021-22925 | Use of Uninitialized Resource vulnerability in multiple products curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. | 5.3 |
2021-07-09 | CVE-2021-3541 | XML Entity Expansion vulnerability in multiple products A flaw was found in libxml2. | 6.5 |
2021-06-24 | CVE-2020-28097 | Out-of-bounds Read vulnerability in multiple products The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. | 5.9 |
2021-06-11 | CVE-2021-22897 | Exposure of Resource to Wrong Sphere vulnerability in multiple products curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. | 5.3 |
2021-05-26 | CVE-2020-25673 | A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. | 5.5 |
2021-04-29 | CVE-2021-25214 | Reachable Assertion vulnerability in multiple products In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. | 6.5 |
2021-03-26 | CVE-2020-35508 | A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. | 4.5 |
2021-02-26 | CVE-2020-27618 | Infinite Loop vulnerability in multiple products The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. | 5.5 |
2020-06-24 | CVE-2020-15025 | Memory Leak vulnerability in multiple products ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. | 4.9 |