Netapp

Aff A400 Firmware

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2021-33060

  • EPSS 0.16%
  • Veröffentlicht 18.08.2022 20:15:09
  • Zuletzt bearbeitet 05.05.2025 17:17:05

Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

5.5

CVE-2022-36879

  • EPSS 0.04%
  • Veröffentlicht 27.07.2022 04:15:10
  • Zuletzt bearbeitet 05.05.2025 16:15:17

An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.

10

CVE-2022-2068

  • EPSS 25.23%
  • Veröffentlicht 21.06.2022 15:15:09
  • Zuletzt bearbeitet 15.09.2025 14:15:33

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022...

7.5

CVE-2022-1473

  • EPSS 0.28%
  • Veröffentlicht 03.05.2022 16:15:18
  • Zuletzt bearbeitet 05.05.2025 17:17:34

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically de...

5.9

CVE-2022-1434

  • EPSS 0.06%
  • Veröffentlicht 03.05.2022 16:15:18
  • Zuletzt bearbeitet 21.11.2024 06:40:43

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being s...

5.3

CVE-2022-1343

  • EPSS 0.13%
  • Veröffentlicht 03.05.2022 16:15:18
  • Zuletzt bearbeitet 05.05.2025 17:17:34

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the res...

10

CVE-2022-1292

  • EPSS 46.34%
  • Veröffentlicht 03.05.2022 16:15:18
  • Zuletzt bearbeitet 13.08.2025 14:15:28

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execut...

7.5

CVE-2021-45485

  • EPSS 0.52%
  • Veröffentlicht 25.12.2021 02:15:06
  • Zuletzt bearbeitet 21.11.2024 06:32:18

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among ma...

7.8

CVE-2021-22555

Warnung Exploit
  • EPSS 82.42%
  • Veröffentlicht 07.07.2021 12:15:08
  • Zuletzt bearbeitet 07.10.2025 01:00:02

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space

7.8

CVE-2019-25045

Exploit
  • EPSS 0.15%
  • Veröffentlicht 07.06.2021 20:15:07
  • Zuletzt bearbeitet 21.11.2024 04:39:49

An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.