Vulnerabilities > Netapp > H500E Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-05-03 CVE-2022-1343 Improper Certificate Validation vulnerability in multiple products
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response.
network
low complexity
openssl netapp CWE-295
5.3
5.3
2022-05-03 CVE-2022-1434 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key.
network
high complexity
openssl netapp CWE-327
5.9
5.9
2022-04-03 CVE-2022-28388 Double Free vulnerability in multiple products
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
local
low complexity
linux debian fedoraproject netapp CWE-415
5.5
5.5
2022-04-03 CVE-2022-28389 Double Free vulnerability in multiple products
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
local
low complexity
linux fedoraproject debian netapp CWE-415
5.5
5.5
2022-03-23 CVE-2021-25220 HTTP Request Smuggling vulnerability in multiple products
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.
network
low complexity
isc fedoraproject netapp siemens juniper CWE-444
6.8
6.8
2022-03-23 CVE-2022-0396 Improper Resource Shutdown or Release vulnerability in multiple products
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition.
network
low complexity
isc fedoraproject netapp siemens CWE-404
5.3
5.3
2022-03-18 CVE-2021-45868 Use After Free vulnerability in multiple products
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk).
local
low complexity
linux netapp CWE-416
5.5
5.5
2022-03-12 CVE-2022-26966 An issue was discovered in the Linux kernel before 5.16.12.
local
low complexity
linux netapp debian
5.5
5.5
2022-02-26 CVE-2020-36516 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.16.11.
network
high complexity
linux netapp CWE-327
5.9
5.9
2021-12-16 CVE-2021-45100 Cleartext Transmission of Sensitive Information vulnerability in multiple products
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled.
network
low complexity
ksmbd-project netapp CWE-319
5.0
5.0