Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Netapp Subscribe
Filtered by product H410c
Total 158 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-28691 2 Linux, Netapp 18 Linux Kernel, Cloud Backup, H300e and 15 more 2022-04-06 4.6 MEDIUM 7.8 HIGH
Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.
CVE-2021-45469 4 Debian, Fedoraproject, Linux and 1 more 19 Debian Linux, Fedora, Linux Kernel and 16 more 2022-04-06 4.6 MEDIUM 7.8 HIGH
In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.
CVE-2021-43975 4 Debian, Fedoraproject, Linux and 1 more 18 Debian Linux, Fedora, Linux Kernel and 15 more 2022-04-06 4.6 MEDIUM 6.7 MEDIUM
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
CVE-2021-40490 4 Debian, Fedoraproject, Linux and 1 more 29 Debian Linux, Fedora, Linux Kernel and 26 more 2022-04-05 4.4 MEDIUM 7.0 HIGH
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
CVE-2018-25020 2 Linux, Netapp 18 Linux Kernel, Cloud Backup, H300e and 15 more 2022-04-05 4.6 MEDIUM 7.8 HIGH
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.
CVE-2021-42008 3 Debian, Linux, Netapp 20 Debian Linux, Linux Kernel, H300e and 17 more 2022-03-29 6.9 MEDIUM 7.8 HIGH
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
CVE-2020-13817 4 Fujitsu, Netapp, Ntp and 1 more 40 M10-1, M10-1 Firmware, M10-4 and 37 more 2022-03-29 5.8 MEDIUM 7.4 HIGH
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
CVE-2021-45100 3 Ksmbd Project, Linux, Netapp 18 Ksmbd, Linux Kernel, H300e and 15 more 2022-03-29 5.0 MEDIUM 7.5 HIGH
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption.
CVE-2021-41864 4 Debian, Fedoraproject, Linux and 1 more 24 Debian Linux, Fedora, Linux Kernel and 21 more 2022-03-25 4.6 MEDIUM 7.8 HIGH
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
CVE-2021-3541 4 Netapp, Oracle, Redhat and 1 more 27 Active Iq Unified Manager, Cloud Backup, Clustered Data Ontap and 24 more 2022-03-01 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
CVE-2021-3506 3 Debian, Linux, Netapp 20 Debian Linux, Linux Kernel, Cloud Backup and 17 more 2022-01-21 5.6 MEDIUM 7.1 HIGH
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
CVE-2020-10690 6 Canonical, Debian, Linux and 3 more 33 Ubuntu Linux, Debian Linux, Linux Kernel and 30 more 2021-12-20 4.4 MEDIUM 6.4 MEDIUM
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.
CVE-2021-42252 2 Linux, Netapp 19 Linux Kernel, H300e, H300e Firmware and 16 more 2021-12-02 4.6 MEDIUM 7.8 HIGH
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.
CVE-2018-25015 2 Linux, Netapp 17 Linux Kernel, H300e, H300e Firmware and 14 more 2021-12-01 4.6 MEDIUM 7.8 HIGH
An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8.
CVE-2020-29660 5 Broadcom, Debian, Fedoraproject and 2 more 17 Fabric Operating System, Debian Linux, Fedora and 14 more 2021-11-30 2.1 LOW 4.4 MEDIUM
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
CVE-2021-42327 3 Fedoraproject, Linux, Netapp 18 Fedora, Linux Kernel, H300e and 15 more 2021-11-28 4.6 MEDIUM 6.7 MEDIUM
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer.
CVE-2019-16995 3 Linux, Netapp, Opensuse 27 Linux Kernel, Aff A700s, Aff A700s Firmware and 24 more 2021-07-21 7.8 HIGH 7.5 HIGH
In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.
CVE-2019-15538 6 Canonical, Debian, Fedoraproject and 3 more 28 Ubuntu Linux, Debian Linux, Fedora and 25 more 2021-06-02 7.8 HIGH 7.5 HIGH
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.