H500S Firmware

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-07	CVE-2022-32207	Incorrect Default Permissions vulnerability in multiple products When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended. network low complexity haxx fedoraproject debian netapp apple splunk CWE-276 critical	9.8
2022-07-07	CVE-2022-32208	Out-of-bounds Write vulnerability in multiple products When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. network high complexity haxx fedoraproject debian netapp apple splunk CWE-787	5.9
2022-07-06	CVE-2022-2318	Use After Free vulnerability in multiple products There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. local low complexity linux debian netapp CWE-416	5.5
2022-07-05	CVE-2022-2097	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. network low complexity openssl fedoraproject netapp siemens debian CWE-327	5.3
2022-07-04	CVE-2022-34918	Type Confusion vulnerability in multiple products An issue was discovered in the Linux kernel through 5.18.9. local low complexity linux debian canonical netapp CWE-843	7.8
2022-07-01	CVE-2022-2274	Out-of-bounds Write vulnerability in multiple products The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. network low complexity openssl netapp CWE-787 critical	9.8
2022-06-21	CVE-2022-2068	OS Command Injection vulnerability in multiple products In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. network low complexity openssl debian fedoraproject siemens netapp broadcom CWE-78 critical	9.8
2022-06-09	CVE-2022-1998	Use After Free vulnerability in multiple products A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). local low complexity linux fedoraproject redhat netapp CWE-416	7.8
2022-06-02	CVE-2022-32250	Use After Free vulnerability in multiple products net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. local low complexity linux fedoraproject debian netapp CWE-416	7.8
2022-06-02	CVE-2022-1652	Use After Free vulnerability in multiple products Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. local low complexity linux redhat debian netapp CWE-416	7.8