Vulnerabilities > Netapp > H500S Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-05-21 CVE-2021-31440 Incorrect Calculation vulnerability in multiple products
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15.
local
high complexity
linux netapp CWE-682
7.0
2021-05-17 CVE-2021-3483 Use After Free vulnerability in multiple products
A flaw was found in the Nosy driver in the Linux kernel.
local
low complexity
linux debian netapp CWE-416
4.6
2021-05-14 CVE-2019-25044 Use After Free vulnerability in multiple products
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9.
local
low complexity
linux netapp CWE-416
7.8
2021-05-10 CVE-2021-32399 Race Condition vulnerability in multiple products
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
4.4
2021-05-06 CVE-2020-35519 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5.
local
low complexity
linux netapp CWE-125
7.8
2021-05-06 CVE-2021-3501 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the Linux kernel in versions before 5.12.
local
low complexity
linux redhat fedoraproject netapp CWE-787
3.6
2021-04-29 CVE-2021-25215 Reachable Assertion vulnerability in multiple products
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check.
7.5
2021-04-29 CVE-2021-25216 Out-of-bounds Read vulnerability in multiple products
In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features.
6.8
2021-04-29 CVE-2021-25214 Reachable Assertion vulnerability in multiple products
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.
network
low complexity
isc debian fedoraproject siemens netapp CWE-617
6.5
2021-04-22 CVE-2021-23133 Race Condition vulnerability in multiple products
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process.
7.0