Vulnerabilities > Netapp > H500S Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-11-15 CVE-2021-42377 Release of Invalid Pointer or Reference vulnerability in multiple products
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string.
network
low complexity
busybox fedoraproject netapp CWE-763
critical
9.8
2021-11-15 CVE-2021-43618 Integer Overflow or Wraparound vulnerability in multiple products
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
network
low complexity
gmplib debian netapp CWE-190
7.5
2021-11-02 CVE-2021-43267 Improper Validation of Specified Quantity in Input vulnerability in multiple products
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16.
network
low complexity
linux fedoraproject netapp CWE-1284
critical
9.8
2021-11-02 CVE-2017-5123 Improper Input Validation vulnerability in multiple products
Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.
local
low complexity
linux netapp CWE-20
8.8
2021-10-28 CVE-2021-43057 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.14.8.
local
low complexity
linux netapp CWE-416
7.8
2021-10-27 CVE-2021-25219 In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance.
network
low complexity
isc debian fedoraproject netapp siemens oracle
5.3
2021-10-26 CVE-2021-41182 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1
2021-10-26 CVE-2021-41183 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1
2021-10-26 CVE-2021-41184 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1
2021-10-21 CVE-2021-42327 Out-of-bounds Write vulnerability in multiple products
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem.
local
low complexity
linux fedoraproject netapp CWE-787
6.7