Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product Cloud Backup
Total 338 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-35519 2 Linux, Netapp 20 Linux Kernel, Cloud Backup, H300e and 17 more 2024-02-15 6.8 MEDIUM 7.8 HIGH
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2020-29368 2 Linux, Netapp 9 Linux Kernel, Cloud Backup, Element Software and 6 more 2024-02-15 6.9 MEDIUM 7.0 HIGH
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
CVE-2020-12659 2 Linux, Netapp 8 Linux Kernel, Active Iq Unified Manager, Aff Baseboard Management Controller and 5 more 2024-02-01 7.2 HIGH 6.7 MEDIUM
An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.
CVE-2021-32785 4 Apache, Debian, Netapp and 1 more 4 Http Server, Debian Linux, Cloud Backup and 1 more 2024-01-30 4.3 MEDIUM 7.5 HIGH
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled.
CVE-2020-10757 7 Canonical, Debian, Fedoraproject and 4 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-01-19 6.9 MEDIUM 7.8 HIGH
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
CVE-2021-3634 6 Debian, Fedoraproject, Libssh and 3 more 7 Debian Linux, Fedora, Libssh and 4 more 2023-12-22 4.0 MEDIUM 6.5 MEDIUM
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.
CVE-2021-0060 2 Intel, Netapp 190 11th Generation Core Series Firmware, Atom C3000 Series Firmware, Atom C3308 and 187 more 2023-12-10 7.2 HIGH 6.6 MEDIUM
Insufficient compartmentalization in HECI subsystem for the Intel(R) SPS before versions SPS_E5_04.01.04.516.0, SPS_E5_04.04.04.033.0, SPS_E5_04.04.03.281.0, SPS_E5_03.01.03.116.0, SPS_E3_05.01.04.309.0, SPS_02.04.00.101.0, SPS_SoC-A_05.00.03.114.0, SPS_SoC-X_04.00.04.326.0, SPS_SoC-X_03.00.03.117.0, IGN_E5_91.00.00.167.0, SPS_PHI_03.01.03.078.0 may allow an authenticated user to potentially enable escalation of privilege via physical access.
CVE-2021-0119 2 Intel, Netapp 1360 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1357 more 2023-12-10 4.6 MEDIUM 6.2 MEDIUM
Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.
CVE-2021-0118 2 Intel, Netapp 1360 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1357 more 2023-12-10 4.6 MEDIUM 6.7 MEDIUM
Out-of-bounds read in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
CVE-2021-0093 2 Intel, Netapp 681 Atom C3308, Atom C3336, Atom C3338 and 678 more 2023-12-10 2.1 LOW 4.4 MEDIUM
Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.
CVE-2021-0124 2 Intel, Netapp 1360 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1357 more 2023-12-10 4.6 MEDIUM 6.6 MEDIUM
Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.
CVE-2021-0092 2 Intel, Netapp 681 Atom C3308, Atom C3336, Atom C3338 and 678 more 2023-12-10 2.1 LOW 4.4 MEDIUM
Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.
CVE-2021-0099 2 Intel, Netapp 681 Atom C3308, Atom C3336, Atom C3338 and 678 more 2023-12-10 4.6 MEDIUM 7.8 HIGH
Insufficient control flow management in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.
CVE-2021-33068 2 Intel, Netapp 2 Active Management Technology Firmware, Cloud Backup 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access.
CVE-2021-0117 2 Intel, Netapp 1360 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1357 more 2023-12-10 4.6 MEDIUM 7.8 HIGH
Pointer issues in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
CVE-2021-0125 2 Intel, Netapp 1360 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1357 more 2023-12-10 4.6 MEDIUM 6.6 MEDIUM
Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.
CVE-2021-0103 2 Intel, Netapp 681 Atom C3308, Atom C3336, Atom C3338 and 678 more 2023-12-10 4.6 MEDIUM 6.7 MEDIUM
Insufficient control flow management in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
CVE-2021-0115 2 Intel, Netapp 681 Atom C3308, Atom C3336, Atom C3338 and 678 more 2023-12-10 4.6 MEDIUM 6.7 MEDIUM
Buffer overflow in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2021-0111 2 Intel, Netapp 681 Atom C3308, Atom C3336, Atom C3338 and 678 more 2023-12-10 4.6 MEDIUM 6.7 MEDIUM
NULL pointer dereference in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
CVE-2021-0156 2 Intel, Netapp 1358 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1355 more 2023-12-10 4.6 MEDIUM 7.8 HIGH
Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.