Netapp

Fas 500f Firmware

11 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2022-36879

  • EPSS 0.04%
  • Published 27.07.2022 04:15:10
  • Last modified 05.05.2025 16:15:17

An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.

10

CVE-2022-1292

  • EPSS 46.34%
  • Published 03.05.2022 16:15:18
  • Last modified 13.08.2025 14:15:28

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execut...

5.3

CVE-2022-1343

  • EPSS 0.13%
  • Published 03.05.2022 16:15:18
  • Last modified 05.05.2025 17:17:34

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the res...

5.9

CVE-2022-1434

  • EPSS 0.06%
  • Published 03.05.2022 16:15:18
  • Last modified 21.11.2024 06:40:43

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being s...

7.5

CVE-2022-1473

  • EPSS 0.28%
  • Published 03.05.2022 16:15:18
  • Last modified 05.05.2025 17:17:34

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically de...

7

CVE-2021-40490

  • EPSS 0.04%
  • Published 03.09.2021 01:15:07
  • Last modified 21.11.2024 06:24:14

A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.

4.7

CVE-2021-28964

  • EPSS 0.09%
  • Published 22.03.2021 09:15:13
  • Last modified 21.11.2024 06:00:27

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d...

7.8

CVE-2021-28952

  • EPSS 0.24%
  • Published 20.03.2021 21:15:11
  • Last modified 21.11.2024 06:00:25

An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.)

5.5

CVE-2021-28951

  • EPSS 0.06%
  • Published 20.03.2021 20:15:13
  • Last modified 21.11.2024 06:00:25

An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal ...

8.3

CVE-2020-14305

Exploit
  • EPSS 0.93%
  • Published 02.12.2020 01:15:12
  • Last modified 21.11.2024 05:02:58

An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial ...