Vulnerabilities > Netapp > H500E Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-05-03 CVE-2022-1343 Improper Certificate Validation vulnerability in multiple products
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response.
network
low complexity
openssl netapp CWE-295
5.3
5.3
2022-05-03 CVE-2022-1434 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key.
network
high complexity
openssl netapp CWE-327
5.9
5.9
2022-04-03 CVE-2022-28388 Double Free vulnerability in multiple products
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
local
low complexity
linux debian fedoraproject netapp CWE-415
5.5
5.5
2022-04-03 CVE-2022-28389 Double Free vulnerability in multiple products
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
local
low complexity
linux fedoraproject debian netapp CWE-415
5.5
5.5
2022-03-23 CVE-2021-25220 HTTP Request Smuggling vulnerability in multiple products
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.
network
low complexity
isc fedoraproject netapp siemens juniper CWE-444
6.8
6.8
2022-03-23 CVE-2022-0396 Improper Resource Shutdown or Release vulnerability in multiple products
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition.
network
low complexity
isc fedoraproject netapp siemens CWE-404
5.3
5.3
2022-03-18 CVE-2021-45868 Use After Free vulnerability in multiple products
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk).
local
low complexity
linux netapp CWE-416
5.5
5.5
2022-03-12 CVE-2022-26966 An issue was discovered in the Linux kernel before 5.16.12.
local
low complexity
linux netapp debian
5.5
5.5
2022-02-26 CVE-2020-36516 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.16.11.
network
high complexity
linux netapp CWE-327
5.9
5.9
2021-11-17 CVE-2021-43975 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
local
low complexity
linux fedoraproject debian netapp CWE-787
6.7
6.7