Note:
This project will be discontinued after December 13, 2021. [more]
Product:
H300s_firmware
(Netapp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 265 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-25 | CVE-2023-0045 | The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional... | Debian_linux, Linux_kernel, Active_iq_unified_manager, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware | 7.5 | ||
| 2023-05-15 | CVE-2023-2124 | An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. | Debian_linux, Linux_kernel, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware | 7.8 | ||
| 2023-05-21 | CVE-2023-33250 | The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c. | Linux_kernel, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware | 4.4 | ||
| 2023-05-26 | CVE-2023-28322 | An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer.... | Macos, Fedora, Curl, Clustered_data_ontap, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Ontap_antivirus_connector | 3.7 | ||
| 2023-05-26 | CVE-2023-2898 | There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. | Debian_linux, Linux_kernel, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware | 4.7 | ||
| 2023-06-05 | CVE-2023-3111 | A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). | Debian_linux, Linux_kernel, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware | 7.8 | ||
| 2023-06-16 | CVE-2023-35788 | An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. | Ubuntu_linux, Debian_linux, Linux_kernel, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware | 7.8 | ||
| 2023-06-21 | CVE-2023-2828 | Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or... | Debian_linux, Fedora, Bind, Active_iq_unified_manager, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware | N/A | ||
| 2023-06-21 | CVE-2023-2829 | A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1. | Bind, Active_iq_unified_manager, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware | N/A | ||
| 2023-06-21 | CVE-2023-2911 | If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. | Debian_linux, Fedora, Bind, Active_iq_unified_manager, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware | N/A |