Vulnerabilities > Netapp > H410S Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-08-23 CVE-2022-2938 Use After Free vulnerability in multiple products
A flaw was found in the Linux kernel's implementation of Pressure Stall Information.
local
low complexity
linux redhat fedoraproject netapp CWE-416
7.8
2022-08-22 CVE-2022-2873 Incorrect Calculation of Buffer Size vulnerability in multiple products
An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data.
5.5
2022-08-05 CVE-2022-1973 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal.
local
low complexity
linux fedoraproject netapp CWE-416
7.1
2022-07-29 CVE-2022-36123 The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss).
local
low complexity
linux netapp
7.8
2022-07-27 CVE-2022-36879 An issue was discovered in the Linux kernel through 5.18.14.
local
low complexity
linux debian netapp
5.5
2022-07-26 CVE-2022-1671 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel.
local
low complexity
linux netapp CWE-476
7.1
2022-07-20 CVE-2022-31160 Cross-site Scripting vulnerability in multiple products
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery.
network
low complexity
jqueryui netapp drupal fedoraproject debian CWE-79
6.1
2022-07-07 CVE-2022-32205 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them.
4.3
2022-07-07 CVE-2022-32206 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms.
6.5
2022-07-07 CVE-2022-32207 Incorrect Default Permissions vulnerability in multiple products
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
network
low complexity
haxx fedoraproject debian netapp apple splunk CWE-276
critical
9.8