Vulnerabilities > Netapp > H410S Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-29 CVE-2022-36123 The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss).
local
low complexity
linux netapp
7.8
2022-07-26 CVE-2022-1671 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel.
local
low complexity
linux netapp CWE-476
7.1
2022-07-04 CVE-2022-34918 Type Confusion vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.18.9.
local
low complexity
linux debian canonical netapp CWE-843
7.8
2022-06-09 CVE-2022-1998 Use After Free vulnerability in multiple products
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user().
local
low complexity
linux fedoraproject redhat netapp CWE-416
7.8
2022-06-02 CVE-2022-32250 Use After Free vulnerability in multiple products
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
local
low complexity
linux fedoraproject debian netapp CWE-416
7.8
2022-06-02 CVE-2022-1652 Use After Free vulnerability in multiple products
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function.
local
low complexity
linux redhat debian netapp CWE-416
7.8
2022-06-02 CVE-2022-1786 Type Confusion vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring.
local
low complexity
linux netapp CWE-843
7.8
2022-06-02 CVE-2022-27775 An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
network
low complexity
haxx debian netapp brocade splunk
7.5
2022-06-02 CVE-2022-27778 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
network
low complexity
haxx netapp oracle splunk CWE-706
8.1
2022-06-02 CVE-2022-27780 Server-Side Request Forgery (SSRF) vulnerability in multiple products
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`.
network
low complexity
haxx netapp splunk CWE-918
7.5