Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product H300e
Total 123 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-0185 2 Linux, Netapp 17 Linux Kernel, H300e, H300e Firmware and 14 more 2024-09-04 7.2 HIGH 8.4 HIGH
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
CVE-2022-1055 5 Canonical, Fedoraproject, Linux and 2 more 20 Ubuntu Linux, Fedora, Linux Kernel and 17 more 2024-05-21 4.6 MEDIUM 7.8 HIGH
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
CVE-2021-22897 5 Haxx, Netapp, Oracle and 2 more 30 Curl, Cloud Backup, H300e and 27 more 2024-03-27 4.3 MEDIUM 5.3 MEDIUM
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
CVE-2021-22901 5 Haxx, Netapp, Oracle and 2 more 34 Curl, Active Iq Unified Manager, Cloud Backup and 31 more 2024-03-27 6.8 MEDIUM 8.1 HIGH
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.
CVE-2021-22922 6 Fedoraproject, Haxx, Netapp and 3 more 23 Fedora, Curl, Cloud Backup and 20 more 2024-03-27 4.3 MEDIUM 6.5 MEDIUM
When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.
CVE-2021-22946 8 Apple, Debian, Fedoraproject and 5 more 37 Macos, Debian Linux, Fedora and 34 more 2024-03-27 5.0 MEDIUM 7.5 HIGH
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.
CVE-2021-22923 6 Fedoraproject, Haxx, Netapp and 3 more 23 Fedora, Curl, Cloud Backup and 20 more 2024-03-27 2.6 LOW 5.3 MEDIUM
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.
CVE-2021-22925 7 Apple, Fedoraproject, Haxx and 4 more 27 Mac Os X, Macos, Fedora and 24 more 2024-03-27 5.0 MEDIUM 5.3 MEDIUM
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
CVE-2021-22926 5 Haxx, Netapp, Oracle and 2 more 26 Curl, Active Iq Unified Manager, Clustered Data Ontap and 23 more 2024-03-27 5.0 MEDIUM 7.5 HIGH
libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.
CVE-2021-22945 8 Apple, Debian, Fedoraproject and 5 more 25 Macos, Debian Linux, Fedora and 22 more 2024-03-27 5.8 MEDIUM 9.1 CRITICAL
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
CVE-2021-22947 8 Apple, Debian, Fedoraproject and 5 more 34 Macos, Debian Linux, Fedora and 31 more 2024-03-27 4.3 MEDIUM 5.9 MEDIUM
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.
CVE-2022-23222 4 Debian, Fedoraproject, Linux and 1 more 19 Debian Linux, Fedora, Linux Kernel and 16 more 2024-03-25 7.2 HIGH 7.8 HIGH
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
CVE-2021-43976 5 Debian, Fedoraproject, Linux and 2 more 23 Debian Linux, Fedora, Linux Kernel and 20 more 2024-03-25 2.1 LOW 4.6 MEDIUM
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
CVE-2021-42327 3 Fedoraproject, Linux, Netapp 18 Fedora, Linux Kernel, H300e and 15 more 2024-03-25 4.6 MEDIUM 6.7 MEDIUM
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer.
CVE-2021-33200 3 Fedoraproject, Linux, Netapp 19 Fedora, Linux Kernel, Cloud Backup and 16 more 2024-03-25 7.2 HIGH 7.8 HIGH
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.
CVE-2021-29154 4 Debian, Fedoraproject, Linux and 1 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2024-03-25 7.2 HIGH 7.8 HIGH
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
CVE-2019-14821 8 Canonical, Debian, Fedoraproject and 5 more 38 Ubuntu Linux, Debian Linux, Fedora and 35 more 2024-02-16 7.2 HIGH 8.8 HIGH
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
CVE-2020-35519 2 Linux, Netapp 20 Linux Kernel, Cloud Backup, H300e and 17 more 2024-02-15 6.8 MEDIUM 7.8 HIGH
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2022-27223 2 Linux, Netapp 16 Linux Kernel, Active Iq Unified Manager, H300e and 13 more 2024-02-08 6.5 MEDIUM 8.8 HIGH
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.
CVE-2022-28796 4 Fedoraproject, Linux, Netapp and 1 more 24 Fedora, Linux Kernel, Active Iq Unified Manager and 21 more 2024-02-04 6.9 MEDIUM 7.0 HIGH
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.