Vulnerabilities > Netapp > H500E Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-09-23 CVE-2021-22945 Double Free vulnerability in multiple products
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
network
low complexity
haxx fedoraproject netapp oracle apple siemens debian splunk CWE-415
critical
9.1
2021-09-20 CVE-2021-38300 arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context.
local
low complexity
linux netapp debian
7.8
2021-09-19 CVE-2021-41073 Release of Invalid Pointer or Reference vulnerability in multiple products
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
local
low complexity
linux debian fedoraproject netapp CWE-763
7.8
2021-09-03 CVE-2021-40490 Race Condition vulnerability in multiple products
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
local
high complexity
linux fedoraproject debian netapp CWE-362
7.0
2021-08-05 CVE-2021-22922 Improper Handling of Exceptional Conditions vulnerability in multiple products
When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them.
6.5
2021-08-05 CVE-2021-22923 Insufficiently Protected Credentials vulnerability in multiple products
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from.
5.3
2021-08-05 CVE-2021-22925 Use of Uninitialized Resource vulnerability in multiple products
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl.
5.3
2021-08-05 CVE-2021-22926 Improper Certificate Validation vulnerability in multiple products
libcurl-using applications can ask for a specific client certificate to be used in a transfer.
network
low complexity
haxx netapp oracle siemens splunk CWE-295
7.5
2021-07-09 CVE-2021-3541 XML Entity Expansion vulnerability in multiple products
A flaw was found in libxml2.
network
low complexity
xmlsoft redhat oracle netapp CWE-776
6.5
2021-07-09 CVE-2021-3612 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP.
7.8