H410s Firmware

h410s_firmware

Vendor: Netapp • 289 CVEs

CVEs (289)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-28660 4Debian FedoraprojectLinux+1 more 12Cloud Backup Debian LinuxFedora+9 more Nov 21, 2024 Mar 17, 2021 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not...Show more rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.Show less
CVE-2020-27618 4Debian GnuNetapp+1 more 14500f Firmware A250 FirmwareCommunications Cloud Native Core Service Communication Proxy+11 more Jun 9, 2025 Feb 26, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input s...Show more The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.Show less
CVE-2020-15025 4Netapp NtpOpensuse+1 more 168300 Firmware 8700 FirmwareA400 Firmware+13 more Nov 21, 2024 Jun 24, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used...Show more ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.Show less
CVE-2020-14155 6Apple GitlabNetapp+3 more 15Active Iq Unified Manager Cloud BackupClustered Data Ontap+12 more Nov 21, 2024 Jun 15, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVE-2020-10732 4Canonical LinuxNetapp+1 more 19Active Iq Unified Manager Aff 8300 FirmwareAff 8700 Firmware+16 more Nov 21, 2024 Jun 12, 2020 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
CVE-2020-13817 4Fujitsu NetappNtp+1 more 25Cloud Backup Clustered Data OntapData Ontap+22 more May 5, 2025 Jun 4, 2020 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must...Show more ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.Show less
CVE-2020-13143 5Canonical DebianLinux+2 more 24A700s Firmware Active Iq Unified ManagerBootstrap Os+21 more Nov 21, 2024 May 18, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out...Show more gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.Show less
CVE-2020-12888 6Canonical DebianFedoraproject+3 more 25A700s Firmware Active Iq Unified ManagerBootstrap Os+22 more Nov 21, 2024 May 15, 2020 N/A· v4 5.3 MEDIUM· v3 4.7 MEDIUM· v2 The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
CVE-2020-12771 6Canonical DebianLinux+3 more 24A700s Firmware Active Iq Unified ManagerCloud Backup+21 more Nov 21, 2024 May 9, 2020 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
CVE-2020-12770 5Canonical DebianFedoraproject+2 more 23A700s Firmware Active Iq Unified ManagerBootstrap Os+20 more Nov 21, 2024 May 9, 2020 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
CVE-2020-12769 5Canonical DebianLinux+2 more 23A700s Firmware Active Iq Unified ManagerCloud Backup+20 more Nov 21, 2024 May 9, 2020 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.
CVE-2020-10690 6Canonical DebianLinux+3 more 22Active Iq Unified Manager Debian LinuxElement Software+19 more Nov 21, 2024 May 8, 2020 N/A· v4 6.4 MEDIUM· v3 4.4 MEDIUM· v2 There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /d...Show more There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.Show less
CVE-2020-12653 4Debian LinuxNetapp+1 more 22A700s Firmware Active Iq Unified ManagerCloud Backup+19 more Nov 21, 2024 May 5, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an...Show more An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.Show less
CVE-2020-11022 8Debian DrupalFedoraproject+5 more 70Agile Product Lifecycle Management For Process Agile Product Supplier Collaboration For ProcessApplication Testing Suite+67 more Apr 13, 2026 Apr 29, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted co...Show more In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.Show less
CVE-2020-11023 7Debian DrupalFedoraproject+4 more 52Active Iq Unified Manager Application ExpressApplication Testing Suite+49 more Nov 7, 2025 Apr 29, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(),...Show more In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.Show less
CVE-2020-11884 5Canonical DebianFedoraproject+2 more 23A700s Firmware Active Iq Unified ManagerBootstrap Os+20 more Nov 21, 2024 Apr 29, 2020 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a...Show more In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.Show less
CVE-2020-12243 8Apple BroadcomCanonical+5 more 18Brocade Fabric Operating System Cloud BackupDebian Linux+15 more Nov 21, 2024 Apr 28, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
CVE-2020-8832 2Canonical Netapp 32Aff 8300 Firmware Aff 8700 FirmwareAff A220 Firmware+29 more Nov 21, 2024 Apr 10, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete,...Show more The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.Show less
CVE-2020-8835 4Canonical FedoraprojectLinux+1 more 278300 Firmware 8700 FirmwareA220 Firmware+24 more Nov 21, 2024 Apr 2, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerabi...Show more In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)Show less
CVE-2020-7595 7Canonical DebianFedoraproject+4 more 24Clustered Data Ontap Communications Cloud Native Core Network Function Cloud Native EnvironmentDebian Linux+21 more Dec 3, 2025 Jan 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

Previous 1...11 12 131415 Next