H500S Firmware

DATE	CVE	VULNERABILITY TITLE	RISK
2022-08-23	CVE-2022-2938	Use After Free vulnerability in multiple products A flaw was found in the Linux kernel's implementation of Pressure Stall Information. local low complexity linux redhat fedoraproject netapp CWE-416	7.8
2022-08-22	CVE-2022-2873	Incorrect Calculation of Buffer Size vulnerability in multiple products An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. local low complexity linux fedoraproject redhat netapp debian CWE-131	5.5
2022-08-05	CVE-2022-1973	Use After Free vulnerability in multiple products A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. local low complexity linux fedoraproject netapp CWE-416	7.1
2022-08-05	CVE-2022-37434	Out-of-bounds Write vulnerability in multiple products zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. network low complexity zlib fedoraproject debian netapp apple stormshield CWE-787 critical	9.8
2022-07-29	CVE-2022-36123	The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). local low complexity linux netapp	7.8
2022-07-27	CVE-2022-36879	An issue was discovered in the Linux kernel through 5.18.14. local low complexity linux debian netapp	5.5
2022-07-26	CVE-2022-1671	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. local low complexity linux netapp CWE-476	7.1
2022-07-20	CVE-2022-31160	Cross-site Scripting vulnerability in multiple products jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. network low complexity jqueryui netapp drupal fedoraproject debian CWE-79	6.1
2022-07-07	CVE-2022-32205	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. network low complexity haxx fedoraproject debian netapp apple siemens splunk CWE-770	4.3
2022-07-07	CVE-2022-32206	Allocation of Resources Without Limits or Throttling vulnerability in multiple products curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. network low complexity haxx fedoraproject debian netapp siemens splunk CWE-770	6.5