Vulnerabilities > Netapp > H500S Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-29 | CVE-2022-24122 | Use After Free vulnerability in multiple products kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace. | 7.8 |
| 2022-01-26 | CVE-2021-22600 | Double Free vulnerability in multiple products A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. | 7.0 |
| 2022-01-25 | CVE-2021-34866 | Type Confusion vulnerability in multiple products This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. | 7.8 |
| 2022-01-18 | CVE-2021-4083 | Race Condition vulnerability in multiple products A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. | 7.0 |
| 2022-01-14 | CVE-2022-23222 | NULL Pointer Dereference vulnerability in multiple products kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. | 7.8 |
| 2021-12-25 | CVE-2021-45485 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. | 7.5 |
| 2021-12-23 | CVE-2021-45469 | Out-of-bounds Read vulnerability in multiple products In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. | 7.8 |
| 2021-12-22 | CVE-2021-44733 | Race Condition vulnerability in multiple products A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. | 7.0 |
| 2021-12-16 | CVE-2021-45100 | Cleartext Transmission of Sensitive Information vulnerability in multiple products The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. | 5.0 |
| 2021-12-14 | CVE-2021-4044 | Infinite Loop vulnerability in multiple products Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. | 7.5 |