Vulnerabilities > Netapp > H500E Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-03-26 CVE-2020-35508 Improper Initialization vulnerability in multiple products
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers.
local
high complexity
linux redhat netapp CWE-665
4.5
2021-03-17 CVE-2021-28660 Out-of-bounds Write vulnerability in multiple products
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array.
8.8
2021-02-26 CVE-2020-27618 Infinite Loop vulnerability in multiple products
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
local
low complexity
gnu netapp oracle debian CWE-835
5.5
2020-06-24 CVE-2020-15025 Memory Leak vulnerability in multiple products
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
network
low complexity
ntp opensuse netapp oracle CWE-401
4.9
2020-06-12 CVE-2020-10732 Use of Uninitialized Resource vulnerability in multiple products
A flaw was found in the Linux kernel's implementation of Userspace core dumps.
local
low complexity
linux opensuse canonical netapp CWE-908
4.4
2020-06-04 CVE-2020-13817 Use of Insufficiently Random Values vulnerability in multiple products
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets.
network
high complexity
ntp netapp opensuse fujitsu CWE-330
7.4
2020-05-18 CVE-2020-13143 Out-of-bounds Read vulnerability in multiple products
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
network
low complexity
linux opensuse debian canonical netapp CWE-125
6.5
2020-05-15 CVE-2020-12888 Improper Handling of Exceptional Conditions vulnerability in multiple products
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
5.3
2020-05-09 CVE-2020-12771 Improper Locking vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.6.11.
5.5
2020-05-09 CVE-2020-12770 An issue was discovered in the Linux kernel through 5.6.11.
local
low complexity
linux fedoraproject canonical debian netapp
6.7