H410C Firmware

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-29	CVE-2022-36123	The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). local low complexity linux netapp	7.8
2022-07-27	CVE-2022-36879	An issue was discovered in the Linux kernel through 5.18.14. local low complexity linux debian netapp	5.5
2022-07-26	CVE-2022-1671	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. local low complexity linux netapp CWE-476	7.1
2022-07-20	CVE-2022-31160	Cross-site Scripting vulnerability in multiple products jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. network low complexity jqueryui netapp drupal fedoraproject debian CWE-79	6.1
2022-07-06	CVE-2022-2318	Use After Free vulnerability in multiple products There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. local low complexity linux debian netapp CWE-416	5.5
2022-07-05	CVE-2022-2097	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. network low complexity openssl fedoraproject netapp siemens debian CWE-327	5.3
2022-07-04	CVE-2022-34918	Type Confusion vulnerability in multiple products An issue was discovered in the Linux kernel through 5.18.9. local low complexity linux debian canonical netapp CWE-843	7.8
2022-07-01	CVE-2022-2274	Out-of-bounds Write vulnerability in multiple products The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. network low complexity openssl netapp CWE-787 critical	9.8
2022-06-21	CVE-2022-2068	OS Command Injection vulnerability in multiple products In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. network low complexity openssl debian fedoraproject siemens netapp broadcom CWE-78 critical	9.8
2022-06-09	CVE-2022-1998	Use After Free vulnerability in multiple products A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). local low complexity linux fedoraproject redhat netapp CWE-416	7.8