Vulnerabilities > Netapp > H500S Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-05-03 CVE-2022-1292 OS Command Injection vulnerability in multiple products
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.
network
low complexity
openssl debian netapp oracle fedoraproject CWE-78
critical
9.8
2021-11-15 CVE-2021-42377 Release of Invalid Pointer or Reference vulnerability in multiple products
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string.
network
low complexity
busybox fedoraproject netapp CWE-763
critical
9.8
2021-11-02 CVE-2021-43267 Improper Validation of Specified Quantity in Input vulnerability in multiple products
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16.
network
low complexity
linux fedoraproject netapp CWE-1284
critical
9.8
2021-09-23 CVE-2021-22945 Double Free vulnerability in multiple products
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
network
low complexity
haxx fedoraproject netapp oracle apple siemens debian splunk CWE-415
critical
9.1
2021-05-25 CVE-2021-33574 Use After Free vulnerability in multiple products
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free.
network
low complexity
gnu fedoraproject netapp debian CWE-416
critical
9.8
2021-04-29 CVE-2021-25216 Out-of-bounds Read vulnerability in multiple products
In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features.
network
low complexity
debian isc siemens netapp CWE-125
critical
9.8