H410c Firmware

h410c_firmware

Vendor: Netapp • 237 CVEs

CVEs (237)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-23133 5Broadcom DebianFedoraproject+2 more 15Brocade Fabric Operating System Cloud BackupDebian Linux+12 more Nov 21, 2024 Apr 22, 2021 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called w...Show more A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.Show less
CVE-2021-3506 3Debian LinuxNetapp 12Cloud Backup Debian LinuxH300e Firmware+9 more Nov 21, 2024 Apr 19, 2021 N/A· v4 7.1 HIGH· v3 5.6 MEDIUM· v2 An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds m...Show more An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.Show less
CVE-2020-35508 3Linux NetappRedhat 18A700s Firmware Aff A400 FirmwareBrocade Fabric Operating System Firmware+15 more Nov 21, 2024 Mar 26, 2021 N/A· v4 4.5 MEDIUM· v3 4.4 MEDIUM· v2 A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to...Show more A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.Show less
CVE-2020-27618 4Debian GnuNetapp+1 more 14500f Firmware A250 FirmwareCommunications Cloud Native Core Service Communication Proxy+11 more Jun 9, 2025 Feb 26, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input s...Show more The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.Show less
CVE-2020-27825 4Debian LinuxNetapp+1 more 7Cloud Backup Debian LinuxEnterprise Linux+4 more Nov 21, 2024 Dec 11, 2020 N/A· v4 5.7 MEDIUM· v3 5.4 MEDIUM· v2 A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of...Show more A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.Show less
CVE-2020-29661 6Broadcom DebianFedoraproject+3 more 128300 Firmware 8700 FirmwareA400 Firmware+9 more Nov 21, 2024 Dec 9, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
CVE-2020-29660 5Broadcom DebianFedoraproject+2 more 118300 Firmware 8700 FirmwareA400 Firmware+8 more Nov 21, 2024 Dec 9, 2020 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9...Show more A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.Show less
CVE-2020-29374 3Debian LinuxNetapp 8500f Firmware A250 FirmwareDebian Linux+5 more Nov 21, 2024 Nov 28, 2020 N/A· v4 3.6 LOW· v3 3.3 LOW· v2 An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantic...Show more An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.Show less
CVE-2020-29370 2Linux Netapp 7Cloud Backup H410c FirmwareHci Compute Node Firmware+4 more Nov 21, 2024 Nov 28, 2020 N/A· v4 7.0 HIGH· v3 4.4 MEDIUM· v2 An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
CVE-2020-29368 2Linux Netapp 7Cloud Backup Element SoftwareH410c Firmware+4 more Nov 21, 2024 Nov 28, 2020 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, ak...Show more An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.Show less
CVE-2020-15436 3Broadcom LinuxNetapp 19A250 Firmware A700s FirmwareAff 500f Firmware+16 more Nov 21, 2024 Nov 23, 2020 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
CVE-2020-25643 6Debian LinuxNetapp+3 more 6Debian Linux Enterprise LinuxH410c Firmware+3 more Nov 21, 2024 Oct 6, 2020 N/A· v4 7.2 HIGH· v3 7.5 HIGH· v2 A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the sys...Show more A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.Show less
CVE-2020-16166 7Canonical DebianFedoraproject+4 more 15Active Iq Unified Manager Cloud Volumes Ontap MediatorDebian Linux+12 more Nov 21, 2024 Jul 30, 2020 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/ra...Show more The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.Show less
CVE-2020-15025 4Netapp NtpOpensuse+1 more 168300 Firmware 8700 FirmwareA400 Firmware+13 more Nov 21, 2024 Jun 24, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used...Show more ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.Show less
CVE-2020-14155 6Apple GitlabNetapp+3 more 15Active Iq Unified Manager Cloud BackupClustered Data Ontap+12 more Nov 21, 2024 Jun 15, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVE-2020-10732 4Canonical LinuxNetapp+1 more 19Active Iq Unified Manager Aff 8300 FirmwareAff 8700 Firmware+16 more Nov 21, 2024 Jun 12, 2020 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
CVE-2020-13817 4Fujitsu NetappNtp+1 more 25Cloud Backup Clustered Data OntapData Ontap+22 more May 5, 2025 Jun 4, 2020 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must...Show more ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.Show less
CVE-2020-13143 5Canonical DebianLinux+2 more 24A700s Firmware Active Iq Unified ManagerBootstrap Os+21 more Nov 21, 2024 May 18, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out...Show more gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.Show less
CVE-2020-12888 6Canonical DebianFedoraproject+3 more 25A700s Firmware Active Iq Unified ManagerBootstrap Os+22 more Nov 21, 2024 May 15, 2020 N/A· v4 5.3 MEDIUM· v3 4.7 MEDIUM· v2 The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
CVE-2020-12771 6Canonical DebianLinux+3 more 24A700s Firmware Active Iq Unified ManagerCloud Backup+21 more Nov 21, 2024 May 9, 2020 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.

Previous 1...8 91011 12 Next