Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product H300s
Total 187 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-45868 2 Linux, Netapp 17 Linux Kernel, H300e, H300e Firmware and 14 more 2023-02-04 4.3 MEDIUM 5.5 MEDIUM
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.
CVE-2021-4197 5 Broadcom, Debian, Linux and 2 more 14 Brocade Fabric Operating System Firmware, Debian Linux, Linux Kernel and 11 more 2023-02-03 7.2 HIGH 7.8 HIGH
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
CVE-2020-11023 7 Debian, Drupal, Fedoraproject and 4 more 55 Debian Linux, Drupal, Fedora and 52 more 2023-02-03 4.3 MEDIUM 6.1 MEDIUM
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2021-3640 5 Canonical, Debian, Fedoraproject and 2 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2023-02-02 6.9 MEDIUM 7.0 HIGH
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.
CVE-2021-3999 3 Debian, Gnu, Netapp 15 Debian Linux, Glibc, E-series Performance Analyzer and 12 more 2023-02-02 N/A 7.8 HIGH
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
CVE-2021-3609 3 Linux, Netapp, Redhat 43 Linux Kernel, H300e, H300e Firmware and 40 more 2023-02-02 6.9 MEDIUM 7.0 HIGH
A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges.
CVE-2022-0185 2 Linux, Netapp 17 Linux Kernel, H300e, H300e Firmware and 14 more 2023-02-02 7.2 HIGH 8.4 HIGH
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
CVE-2021-3772 5 Debian, Linux, Netapp and 2 more 26 Debian Linux, Linux Kernel, E-series Santricity Os Controller and 23 more 2023-02-02 5.8 MEDIUM 6.5 MEDIUM
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
CVE-2020-35508 3 Linux, Netapp, Redhat 33 Linux Kernel, A700s, A700s Firmware and 30 more 2023-02-02 4.4 MEDIUM 4.5 MEDIUM
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.
CVE-2019-14821 8 Canonical, Debian, Fedoraproject and 5 more 38 Ubuntu Linux, Debian Linux, Fedora and 35 more 2023-02-02 7.2 HIGH 8.8 HIGH
An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
CVE-2019-14835 8 Canonical, Debian, Fedoraproject and 5 more 44 Ubuntu Linux, Debian Linux, Fedora and 41 more 2023-02-02 7.2 HIGH 7.8 HIGH
A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. In the worst case (and likely most common virtualization) scenario this flaw affects KVM/qemu hypervisor enabled hosts running Linux guests.
CVE-2019-14816 6 Canonical, Debian, Linux and 3 more 51 Ubuntu Linux, Debian Linux, Linux Kernel and 48 more 2023-02-02 7.2 HIGH 7.8 HIGH
A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. Where, while parsing vendor-specific informational attributes, an attacker on the same WiFi physical network segment could cause a system crash, resulting in a denial of service, or potentially execute arbitrary code. This flaw affects the network interface at the most basic level meaning the attacker only needs to affiliate with the same network device as the vulnerable system to create an attack path.
CVE-2018-16871 3 Linux, Netapp, Redhat 28 Linux Kernel, Cloud Backup, H300e and 25 more 2023-02-02 5.0 MEDIUM 7.5 HIGH
A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.
CVE-2019-14814 6 Canonical, Debian, Linux and 3 more 50 Ubuntu Linux, Debian Linux, Linux Kernel and 47 more 2023-02-02 7.2 HIGH 7.8 HIGH
A flaw was found in the Linux kernel’s implementation of the Marvell wifi driver, which can allow a local user who has CAP_NET_ADMIN or administrative privileges to possibly cause a Denial Of Service (DOS) by corrupting memory and possible code execution.
CVE-2022-1199 3 Linux, Netapp, Redhat 13 Linux Kernel, Active Iq Unified Manager, H300s and 10 more 2023-02-02 N/A 7.5 HIGH
A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.
CVE-2020-10732 4 Canonical, Linux, Netapp and 1 more 31 Ubuntu Linux, Linux Kernel, Active Iq Unified Manager and 28 more 2023-02-02 3.6 LOW 4.4 MEDIUM
A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
CVE-2021-22600 3 Debian, Linux, Netapp 12 Debian Linux, Linux Kernel, H300s and 9 more 2023-02-02 7.2 HIGH 7.8 HIGH
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
CVE-2022-24958 4 Debian, Fedoraproject, Linux and 1 more 19 Debian Linux, Fedora, Linux Kernel and 16 more 2023-02-01 4.6 MEDIUM 7.8 HIGH
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.
CVE-2022-45919 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2023-02-01 N/A 7.0 HIGH
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
CVE-2022-45934 4 Debian, Fedoraproject, Linux and 1 more 13 Debian Linux, Fedora, Linux Kernel and 10 more 2023-02-01 N/A 7.8 HIGH
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.