Netapp

H300s Firmware

284 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2022-1343

  • EPSS 0.13%
  • Veröffentlicht 03.05.2022 16:15:18
  • Zuletzt bearbeitet 05.05.2025 17:17:34

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the res...

5.9

CVE-2022-1434

  • EPSS 0.06%
  • Veröffentlicht 03.05.2022 16:15:18
  • Zuletzt bearbeitet 21.11.2024 06:40:43

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being s...

7.5

CVE-2022-1473

  • EPSS 0.28%
  • Veröffentlicht 03.05.2022 16:15:18
  • Zuletzt bearbeitet 05.05.2025 17:17:34

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically de...

6.5

CVE-2022-29824

Exploit
  • EPSS 0.05%
  • Veröffentlicht 03.05.2022 03:15:06
  • Zuletzt bearbeitet 21.11.2024 06:59:45

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte...

7.8

CVE-2022-29968

  • EPSS 1.78%
  • Veröffentlicht 02.05.2022 04:15:10
  • Zuletzt bearbeitet 21.11.2024 07:00:05

An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.

7

CVE-2022-1048

  • EPSS 0.01%
  • Veröffentlicht 29.04.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:39:55

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user t...

7.1

CVE-2022-1353

  • EPSS 0.01%
  • Veröffentlicht 29.04.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:40:33

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.

7.8

CVE-2022-29156

  • EPSS 0.16%
  • Veröffentlicht 13.04.2022 07:15:28
  • Zuletzt bearbeitet 21.11.2024 06:58:36

drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.

7.8

CVE-2022-28893

  • EPSS 0.03%
  • Veröffentlicht 11.04.2022 05:15:07
  • Zuletzt bearbeitet 21.11.2024 06:58:09

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.

7

CVE-2022-28796

  • EPSS 0.1%
  • Veröffentlicht 08.04.2022 05:15:07
  • Zuletzt bearbeitet 21.11.2024 06:57:57

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.