Lucene search

K
NetappH300s Firmware

39 matches found

CVE
CVE
added 2024/05/06 8:15 p.m.6279 views

CVE-2024-33600

nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd. This vulnera...

5.9CVSS7AI score0.00283EPSS
CVE
CVE
added 2021/10/27 9:15 p.m.697 views

CVE-2021-25219

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw...

5.3CVSS5.8AI score0.00518EPSS
CVE
CVE
added 2020/05/15 6:15 p.m.560 views

CVE-2020-12888

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.

5.3CVSS6AI score0.00027EPSS
CVE
CVE
added 2023/09/12 10:15 p.m.523 views

CVE-2023-4813

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue ...

5.9CVSS6.9AI score0.00304EPSS
CVE
CVE
added 2021/09/29 8:15 p.m.443 views

CVE-2021-22947

When curl >= 7.20.0 and

5.9CVSS7AI score0.00118EPSS
CVE
CVE
added 2022/07/05 11:15 a.m.423 views

CVE-2022-2097

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, ...

5.3CVSS7.6AI score0.0075EPSS
CVE
CVE
added 2021/08/05 9:15 p.m.408 views

CVE-2021-22925

curl supports the -t command line option, known as CURLOPT_TELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEW_ENV variables, libcurlcould be made to pass on uninitialized data from a stack based b...

5.3CVSS6.3AI score0.00453EPSS
CVE
CVE
added 2020/05/09 9:15 p.m.384 views

CVE-2020-12769

An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.

5.5CVSS5.7AI score0.00063EPSS
CVE
CVE
added 2021/02/26 11:15 p.m.335 views

CVE-2020-27618

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a deni...

5.5CVSS6.5AI score0.00644EPSS
CVE
CVE
added 2022/07/27 4:15 a.m.311 views

CVE-2022-36879

An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.

5.5CVSS6.2AI score0.00036EPSS
CVE
CVE
added 2020/05/09 9:15 p.m.309 views

CVE-2020-12771

An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.

5.5CVSS5.9AI score0.00063EPSS
CVE
CVE
added 2022/03/23 11:15 a.m.309 views

CVE-2022-0396

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the co...

5.3CVSS5.9AI score0.0001EPSS
CVE
CVE
added 2022/04/03 9:15 p.m.298 views

CVE-2022-28388

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.

5.5CVSS6.3AI score0.00011EPSS
CVE
CVE
added 2022/03/18 7:15 a.m.296 views

CVE-2021-45868

In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.

5.5CVSS5.8AI score0.00241EPSS
CVE
CVE
added 2021/08/05 9:15 p.m.295 views

CVE-2021-22923

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrar...

5.3CVSS6.1AI score0.00086EPSS
CVE
CVE
added 2020/06/15 5:15 p.m.284 views

CVE-2020-14155

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

5.3CVSS6.4AI score0.00152EPSS
CVE
CVE
added 2022/06/02 2:15 p.m.267 views

CVE-2022-27774

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols ...

5.7CVSS6.7AI score0.0025EPSS
CVE
CVE
added 2023/05/26 9:15 p.m.262 views

CVE-2023-28321

An improper certificate validation vulnerability exists in curl

5.9CVSS6.2AI score0.00305EPSS
CVE
CVE
added 2022/07/07 1:15 p.m.261 views

CVE-2022-32208

When curl

5.9CVSS7.4AI score0.00137EPSS
CVE
CVE
added 2021/05/26 11:15 a.m.238 views

CVE-2020-25673

A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system.

5.5CVSS6.1AI score0.00124EPSS
CVE
CVE
added 2023/03/30 8:15 p.m.230 views

CVE-2023-27536

An authentication bypass vulnerability exists libcurl

5.9CVSS7AI score0.00007EPSS
CVE
CVE
added 2023/03/30 8:15 p.m.219 views

CVE-2023-27535

An authentication bypass vulnerability exists in libcurl

5.9CVSS7.3AI score0.00026EPSS
CVE
CVE
added 2022/02/26 4:15 a.m.217 views

CVE-2020-36516

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.

5.9CVSS6.2AI score0.00027EPSS
CVE
CVE
added 2020/04/10 12:15 a.m.209 views

CVE-2020-8832

The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could u...

5.5CVSS6.2AI score0.04704EPSS
CVE
CVE
added 2021/11/15 9:15 p.m.202 views

CVE-2021-42376

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.

5.5CVSS6.9AI score0.00028EPSS
CVE
CVE
added 2022/03/12 10:15 p.m.193 views

CVE-2022-26966

An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.

5.5CVSS5.7AI score0.00026EPSS
CVE
CVE
added 2022/06/02 2:15 p.m.193 views

CVE-2022-27779

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without Public Suffix List awareness. If PSL support not provided, a more rudimentary check ...

5.3CVSS6.1AI score0.00172EPSS
CVE
CVE
added 2022/04/03 9:15 p.m.188 views

CVE-2022-28389

mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.

5.5CVSS6.1AI score0.0002EPSS
CVE
CVE
added 2022/05/03 4:15 p.m.181 views

CVE-2022-1343

The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is an...

5.3CVSS7AI score0.00127EPSS
CVE
CVE
added 2022/05/03 4:15 p.m.169 views

CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient...

5.9CVSS7.3AI score0.00059EPSS
CVE
CVE
added 2021/06/11 4:15 p.m.165 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3CVSS5.5AI score0.00761EPSS
CVE
CVE
added 2021/11/15 9:15 p.m.153 views

CVE-2021-42374

An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that

5.3CVSS5.9AI score0.00071EPSS
CVE
CVE
added 2023/05/26 9:15 p.m.152 views

CVE-2023-28320

A denial of service vulnerability exists in curl

5.9CVSS6.3AI score0.00641EPSS
CVE
CVE
added 2022/08/22 3:15 p.m.150 views

CVE-2022-2873

An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.

5.5CVSS6AI score0.00027EPSS
CVE
CVE
added 2021/06/24 12:15 p.m.132 views

CVE-2020-28097

The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.

5.9CVSS6.3AI score0.00147EPSS
CVE
CVE
added 2021/11/15 9:15 p.m.130 views

CVE-2021-42373

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given

5.5CVSS6.8AI score0.00052EPSS
CVE
CVE
added 2021/11/15 9:15 p.m.129 views

CVE-2021-42375

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.

5.5CVSS7AI score0.00051EPSS
CVE
CVE
added 2022/07/06 7:15 p.m.115 views

CVE-2022-2318

There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.

5.5CVSS6.8AI score0.00063EPSS
CVE
CVE
added 2023/03/30 8:15 p.m.107 views

CVE-2023-27537

A double free vulnerability exists in libcurl

5.9CVSS5.7AI score0.00053EPSS