Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product Baseboard Management Controller H300e Firmware
Total 17 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22543 4 Debian, Fedoraproject, Linux and 1 more 21 Debian Linux, Fedora, Linux Kernel and 18 more 2024-05-29 4.6 MEDIUM 7.8 HIGH
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.
CVE-2021-44733 5 Debian, Fedoraproject, Linux and 2 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2024-03-25 4.4 MEDIUM 7.0 HIGH
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
CVE-2022-0995 3 Fedoraproject, Linux, Netapp 24 Fedora, Linux Kernel, Baseboard Management Controller H300e and 21 more 2024-02-04 7.2 HIGH 7.8 HIGH
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.
CVE-2021-25220 5 Fedoraproject, Isc, Juniper and 2 more 48 Fedora, Bind, Junos and 45 more 2024-02-04 4.0 MEDIUM 6.8 MEDIUM
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.
CVE-2021-3760 4 Debian, Fedoraproject, Linux and 1 more 19 Debian Linux, Fedora, Linux Kernel and 16 more 2024-02-04 7.2 HIGH 7.8 HIGH
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.
CVE-2021-3752 6 Debian, Fedoraproject, Linux and 3 more 27 Debian Linux, Fedora, Linux Kernel and 24 more 2024-02-04 7.9 HIGH 7.1 HIGH
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2022-0646 2 Linux, Netapp 17 Linux Kernel, Baseboard Management Controller H300e, Baseboard Management Controller H300e Firmware and 14 more 2024-02-04 7.2 HIGH 7.8 HIGH
A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5.
CVE-2021-20322 5 Debian, Fedoraproject, Linux and 2 more 32 Debian Linux, Fedora, Linux Kernel and 29 more 2024-02-04 5.8 MEDIUM 7.4 HIGH
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
CVE-2021-3739 3 Fedoraproject, Linux, Netapp 18 Fedora, Linux Kernel, Baseboard Management Controller H300e and 15 more 2024-02-04 3.6 LOW 7.1 HIGH
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability.
CVE-2022-0635 2 Isc, Netapp 17 Bind, Baseboard Management Controller H300e, Baseboard Management Controller H300e Firmware and 14 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.
CVE-2022-25265 2 Linux, Netapp 17 Linux Kernel, Baseboard Management Controller Firmware, Baseboard Management Controller H300e and 14 more 2024-02-04 4.4 MEDIUM 7.8 HIGH
In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.
CVE-2022-1353 4 Debian, Linux, Netapp and 1 more 19 Debian Linux, Linux Kernel, Baseboard Management Controller H300e and 16 more 2024-02-04 3.6 LOW 7.1 HIGH
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
CVE-2022-0667 2 Isc, Netapp 17 Bind, Baseboard Management Controller H300e, Baseboard Management Controller H300e Firmware and 14 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
When the vulnerability is triggered the BIND process will exit. BIND 9.18.0
CVE-2021-3743 4 Fedoraproject, Linux, Netapp and 1 more 21 Fedora, Linux Kernel, Baseboard Management Controller H300e and 18 more 2024-02-04 3.6 LOW 7.1 HIGH
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
CVE-2021-28660 4 Debian, Fedoraproject, Linux and 1 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2024-02-04 8.3 HIGH 8.8 HIGH
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.
CVE-2020-8832 2 Canonical, Netapp 60 Ubuntu Linux, Aff 8300, Aff 8300 Firmware and 57 more 2024-02-04 2.1 LOW 5.5 MEDIUM
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.
CVE-2019-20388 6 Debian, Fedoraproject, Netapp and 3 more 31 Debian Linux, Fedora, Baseboard Management Controller H300e and 28 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.