Vulnerabilities > Netapp > H500S Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-5363 Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths.
network
low complexity
openssl debian netapp
7.5
2023-10-16 CVE-2023-40791 extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.
local
high complexity
linux netapp
6.3
2023-09-20 CVE-2023-4236 Reachable Assertion vulnerability in multiple products
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure.
network
low complexity
isc fedoraproject debian netapp CWE-617
7.5
2023-09-18 CVE-2023-4527 Out-of-bounds Read vulnerability in multiple products
A flaw was found in glibc.
network
high complexity
gnu redhat fedoraproject netapp CWE-125
6.5
2023-09-12 CVE-2023-4813 Use After Free vulnerability in multiple products
A flaw was found in glibc.
network
high complexity
gnu redhat fedoraproject netapp CWE-416
5.9
2023-08-09 CVE-2023-4273 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the exFAT driver of the Linux kernel.
6.7
2023-07-24 CVE-2023-32252 NULL Pointer Dereference vulnerability in multiple products
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server.
network
low complexity
linux netapp CWE-476
7.5
2023-06-23 CVE-2023-3212 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel.
4.4
2023-06-21 CVE-2023-2828 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers.
network
low complexity
isc debian fedoraproject netapp CWE-770
7.5
2023-06-21 CVE-2023-2829 A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.
network
low complexity
isc netapp
7.5