Vulnerabilities > Netapp > H500S Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-08-31 CVE-2022-39046 Information Exposure Through Log Files vulnerability in multiple products
An issue was discovered in the GNU C Library (glibc) 2.36.
network
low complexity
gnu netapp CWE-532
5.3
2022-08-22 CVE-2022-2873 Incorrect Calculation of Buffer Size vulnerability in multiple products
An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data.
5.5
2022-07-27 CVE-2022-36879 An issue was discovered in the Linux kernel through 5.18.14.
local
low complexity
linux debian netapp
5.5
2022-07-20 CVE-2022-31160 Cross-site Scripting vulnerability in multiple products
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery.
network
low complexity
jqueryui netapp drupal fedoraproject debian CWE-79
6.1
2022-07-07 CVE-2022-32205 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them.
4.3
2022-07-07 CVE-2022-32206 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms.
6.5
2022-07-07 CVE-2022-32208 Out-of-bounds Write vulnerability in multiple products
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.
network
high complexity
haxx fedoraproject debian netapp apple splunk CWE-787
5.9
2022-07-06 CVE-2022-2318 Use After Free vulnerability in multiple products
There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.
local
low complexity
linux debian netapp CWE-416
5.5
2022-07-05 CVE-2022-2097 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances.
5.3
2022-06-02 CVE-2022-27774 Insufficiently Protected Credentials vulnerability in multiple products
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
network
low complexity
haxx debian netapp brocade splunk CWE-522
5.7