Vulnerabilities > Netapp > H500S Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-12-22 CVE-2021-44733 Race Condition vulnerability in multiple products
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.
local
high complexity
linux redhat fedoraproject debian netapp CWE-362
7.0
2021-12-16 CVE-2021-45100 Cleartext Transmission of Sensitive Information vulnerability in multiple products
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled.
network
low complexity
ksmbd-project netapp CWE-319
7.5
2021-12-14 CVE-2021-4044 Infinite Loop vulnerability in multiple products
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server.
network
low complexity
openssl netapp nodejs CWE-835
7.5
2021-12-08 CVE-2018-25020 Classic Buffer Overflow vulnerability in multiple products
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow.
local
low complexity
linux netapp CWE-120
7.8
2021-11-17 CVE-2021-43975 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
local
low complexity
linux fedoraproject debian netapp CWE-787
6.7
2021-11-17 CVE-2021-43976 In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). 4.6
2021-11-15 CVE-2021-42373 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
local
low complexity
busybox fedoraproject netapp CWE-476
5.5
2021-11-15 CVE-2021-42374 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed.
local
high complexity
busybox fedoraproject netapp CWE-125
5.3
2021-11-15 CVE-2021-42375 An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters.
local
low complexity
busybox fedoraproject netapp
5.5
2021-11-15 CVE-2021-42376 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character.
local
low complexity
busybox fedoraproject netapp CWE-476
5.5