Latest netapp h300s firmware Vulnerabilities

CVE-2023-40791
extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.
Linux Linux kernel<6.4.12
Netapp H300s Firmware
Netapp H300s
Netapp H500s Firmware
Netapp H500s
Netapp H700s Firmware
and 3 more
CVE-2023-5363
Incorrect cipher key & IV length processing
redhat/OpenSSL<3.0.12
redhat/OpenSSL<3.1.4
debian/openssl
OpenSSL OpenSSL>=3.0.0<3.0.12
OpenSSL OpenSSL>=3.1.0<3.1.4
Debian Debian Linux=12.0
and 14 more
CVE-2023-4236
named may terminate unexpectedly under high DNS-over-TLS query load
debian/bind9<=1:9.18.16-1~deb12u1<=1:9.18.16-1
ISC BIND>=9.18.0<9.18.18
ISC BIND=9.18.11-s1
ISC BIND=9.18.18-s1
debian/bind9
Fedoraproject Fedora=37
and 19 more
CVE-2023-4527
Glibc: stack read overflow in getaddrinfo in no-aaaa mode
debian/glibc<=2.36-9+deb12u2
GNU glibc<2.39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
ubuntu/glibc<2.37-0ubuntu2.1
ubuntu/glibc<2.38-1ubuntu5
and 35 more
CVE-2023-4273
Kernel: exfat: stack overflow in exfat_get_uniname_from_ext_entry
Linux Linux kernel<6.4
Linux Linux kernel=6.5-rc1
Linux Linux kernel=6.5-rc2
Linux Linux kernel=6.5-rc3
Linux Linux kernel=6.5-rc4
Fedoraproject Fedora=38
and 137 more
CVE-2023-32252
Linux Kernel ksmbd Session NULL Pointer Dereference Denial-of-Service Vulnerability
Linux Linux kernel<=6.3.9
Linux kernel
redhat/kernel<6.4
ubuntu/linux<5.15.0-94.104
ubuntu/linux<6.2.0-32.32
ubuntu/linux<6.4~
and 132 more
CVE-2023-2829
A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely termina...
ISC BIND>=9.16.8<=9.16.41
ISC BIND>=9.18.11<=9.18.15
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp H500s Firmware
Netapp H500s
Netapp H700s Firmware
and 7 more
CVE-2023-2911
If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could c...
ubuntu/bind9<1:9.16.1-0ubuntu2.15
ubuntu/bind9<1:9.18.12-0ubuntu0.22.04.2
ubuntu/bind9<1:9.18.12-0ubuntu0.22.10.2
ubuntu/bind9<1:9.18.12-1ubuntu1.1
ubuntu/bind9<9.16.42<9.18.16
ubuntu/bind9<1:9.18.12-1ubuntu2
and 30 more
CVE-2023-2828
ISC BIND is vulnerable to a denial of service, caused by a flaw that allows the named's configured cache size limit to be significantly exceeded. By querying the resolver for specific RRsets in a cert...
IBM QRadar SIEM<=7.5.0 - 7.5.0 UP6
ubuntu/bind9<1:9.11.3+dfsg-1ubuntu1.19+
ubuntu/bind9<1:9.9.5.dfsg-3ubuntu0.19+
ubuntu/bind9<1:9.10.3.dfsg.
ubuntu/bind9<1:9.16.1-0ubuntu2.15
ubuntu/bind9<1:9.18.12-0ubuntu0.22.04.2
and 39 more
CVE-2023-35788
Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an off-by-one flaw in the fl_set_geneve_opt fucntion. By sending a specially crafted reques...
IBM QRadar SIEM<=7.5 - 7.5.0 UP7
redhat/kernel<6.4
ubuntu/linux-nvidia<5.15.0-1028.28
ubuntu/linux-nvidia<6.4~
ubuntu/linux-gkeop-5.15<5.15.0-1023.28~20.04.1
ubuntu/linux-gkeop-5.15<6.4~
and 182 more
CVE-2023-3212
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure a...
Linux Linux kernel<6.4
Linux Linux kernel=6.4-rc1
Fedoraproject Fedora=38
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
redhat/kernel<6.4
and 176 more
CVE-2023-3111
A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calli...
Linux Linux kernel>=2.6.31<4.14.318
Linux Linux kernel>=4.15<4.19.286
Linux Linux kernel>=4.20<5.4.247
Linux Linux kernel>=5.5<5.10.184
Linux Linux kernel>=5.11<5.15.63
Linux Linux kernel>=5.16<5.19.4
and 152 more
CVE-2023-2953
A vulnerability was found in openldap that can cause a null pointer dereference in the ber_memalloc_x() function.
Apple macOS Big Sur<11.7.9
Apple macOS Ventura<13.5
Apple macOS Monterey<12.6.8
ubuntu/openldap<2.4.45+dfsg-1ubuntu1.11+
ubuntu/openldap<2.4.49+dfsg-2ubuntu1.10
ubuntu/openldap<2.5.16+dfsg-0ubuntu0.22.04.2
and 33 more
CVE-2023-28320
A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous ...
Haxx Curl<8.1.0
Apple macOS Ventura<13.5
Apple macOS Big Sur<11.7.9
Apple macOS Monterey<12.6.8
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
and 13 more
CVE-2023-2898
There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.
Linux Linux kernel
ubuntu/linux<5.15.0-83.92
ubuntu/linux<6.2.0-32.32
ubuntu/linux<6.5~
ubuntu/linux-allwinner<6.5~
ubuntu/linux-allwinner-5.19<6.5~
and 123 more
CVE-2023-33250
The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.
Linux Linux kernel=6.3
Netapp H300s Firmware
Netapp H300s
Netapp H500s Firmware
Netapp H500s
Netapp H700s Firmware
and 11 more
CVE-2023-28322
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when...
Haxx Curl<8.1.0
ubuntu/curl<8.1.0
ubuntu/curl<7.68.0-1ubuntu2.19
ubuntu/curl<7.81.0-1ubuntu1.11
ubuntu/curl<7.85.0-1ubuntu0.6
ubuntu/curl<7.88.1-8ubuntu2.1
and 34 more
CVE-2023-28321
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl ...
Haxx Curl<8.1.0
ubuntu/curl<8.1.0
ubuntu/curl<7.68.0-1ubuntu2.19
ubuntu/curl<7.81.0-1ubuntu1.11
ubuntu/curl<7.85.0-1ubuntu0.6
ubuntu/curl<7.88.1-8ubuntu2.1
and 35 more
CVE-2023-28319
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memor...
Haxx Curl<8.1.0
redhat/curl<8.1.0
Apple macOS Ventura<13.5
Apple macOS Big Sur<11.7.9
Apple macOS Monterey<12.6.8
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
and 14 more
CVE-2023-2269
A bug in the Linux kernel version 6.2.0 by syzkaller with our own templates. The bug causes a possible recursive locking scenario, resulting in a deadlock. The key trace is as follows: down_read+0x9...
Linux Linux kernel=6.2
Fedoraproject Fedora=36
Fedoraproject Fedora=37
Fedoraproject Fedora=38
ubuntu/linux<4.15.0-216.227
ubuntu/linux<5.4.0-162.179
and 159 more
CVE-2023-2007
The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction w...
Linux Linux kernel<6.0
debian/linux<=4.19.249-2
debian/linux-5.10
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Netapp H300s Firmware
and 10 more
CVE-2023-27537
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads b...
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Libcurl=7.88.0
Haxx Libcurl=7.88.1
Netapp Active Iq Unified Manager Vmware Vsphere
NetApp Clustered Data ONTAP=9.0
and 20 more
CVE-2023-27538
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have pre...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Libcurl>=7.16.1<8.0.0
Fedoraproject Fedora=36
Debian Debian Linux=10.0
and 22 more
CVE-2023-27536
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to chec...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Libcurl>=7.22.0<=7.88.1
Fedoraproject Fedora=36
Debian Debian Linux=10.0
and 21 more
CVE-2023-27535
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created conn...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Libcurl>=7.13.0<=7.88.1
Fedoraproject Fedora=36
Debian Debian Linux=10.0
and 21 more
CVE-2023-27534
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its inten...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Curl>=7.18.0<=7.88.1
Fedoraproject Fedora=36
Netapp Active Iq Unified Manager Vmware Vsphere
and 20 more
CVE-2023-27533
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Curl>=7.0.0<=7.881
Fedoraproject Fedora=36
Netapp Active Iq Unified Manager Vmware Vsphere
and 20 more
CVE-2023-1380
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len da...
ubuntu/linux<4.15.0-212.223
ubuntu/linux<5.4.0-150.167
ubuntu/linux<5.15.0-73.80
ubuntu/linux<5.19.0-43.44
ubuntu/linux<6.2.0-23.23
ubuntu/linux<3.13.0-194.245
and 215 more
CVE-2023-28464
A double free vulnerability was found in the hci_conn_cleanup function of net/bluetooth/hci_conn.c, which may cause DOS or privilege escalation. Version: Linux kernel 6.2 (this problem also exists in...
Linux Linux kernel=6.1.25
Linux Linux kernel=6.2.12
Linux Linux kernel=6.3
Linux Linux kernel=6.3-rc1
Linux Linux kernel=6.3-rc2
Linux Linux kernel=6.3-rc3
and 13 more
CVE-2023-26545
A double free in net/mpls/af_mpls.c upon an allocation failure during the renaming of a device in Linux Kernel could allow a remote authenticated attacker from within the local network to cause an unk...
redhat/kernel<6.2
ubuntu/linux-iot<5.4.0-1017.18
ubuntu/linux<6.2
ubuntu/linux<4.15.0-209.220
ubuntu/linux<5.4.0-147.164
ubuntu/linux<5.15.0-70.77
and 157 more
CVE-2023-23916
cURL libcurl is vulnerable to a denial of service, caused by a flaw in the decompression chain implementation. By sending a specially-crafted request, a remote attacker could exploit this vulnerabilit...
debian/curl<=7.64.0-4+deb10u2
redhat/curl<7.88.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Curl>=7.57.0<7.88.0
Fedoraproject Fedora=36
and 22 more
CVE-2023-23915
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using it...
redhat/curl<7.88.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Curl>=7.77.0<7.88.0
Netapp Active Iq Unified Manager Vmware Vsphere
NetApp Clustered Data ONTAP=9.0
and 19 more
CVE-2023-23914
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl...
redhat/curl<7.88.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Curl>=7.77.0<7.88.0
Netapp Active Iq Unified Manager Vmware Vsphere
NetApp Clustered Data ONTAP=9.0
and 19 more
CVE-2022-35260
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based...
Apple macOS Ventura<13.2
Apple macOS Monterey<12.6.3
Haxx Curl>=7.84.0<7.86.0
NetApp Clustered Data ONTAP
Netapp H300s Firmware
Netapp H300s
and 18 more
CVE-2022-45888
An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.
Linux Linux kernel<=6.0.9
Netapp H410c Firmware
Netapp H410c
Netapp H300s Firmware
Netapp H300s
Netapp H500s Firmware
and 15 more
CVE-2022-45884
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.
Linux Linux kernel<=6.0.9
Netapp H300s Firmware
Netapp H300s
Netapp H500s Firmware
Netapp H500s
Netapp H700s Firmware
and 15 more
CVE-2022-45885
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
Linux Linux kernel<=6.0.9
Netapp H410c Firmware
Netapp H410c
Netapp H300s Firmware
Netapp H300s
Netapp H500s Firmware
and 15 more
CVE-2022-44792
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the insta...
Net-snmp Net-snmp>=5.8<=5.9.3
Debian Debian Linux=10.0
Netapp H300s Firmware
Netapp H300s
Netapp H500s Firmware
Netapp H500s
and 4 more
CVE-2022-44793
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via ...
Net-snmp Net-snmp>=5.4.3<=5.9.3
Debian Debian Linux=10.0
Netapp H300s Firmware
Netapp H300s
Netapp H500s Firmware
Netapp H500s
and 4 more
CVE-2022-42915
A vulnerability was found in curl. The issue occurs if curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL. It sets up the connection to the remote server by issuing a `CONNECT` re...
redhat/jbcs-httpd24-curl<0:7.86.0-2.el8
redhat/jbcs-httpd24-curl<0:7.86.0-2.el7
Apple macOS Ventura<13.2
redhat/curl<7.86.0
Apple macOS Monterey<12.6.3
Haxx Curl>=7.77.0<7.86.0
and 25 more
CVE-2022-32221
A vulnerability was found in curl. The issue occurs when doing HTTP(S) transfers, where curl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CU...
redhat/jbcs-httpd24-curl<0:7.86.0-2.el8
redhat/jbcs-httpd24-curl<0:7.86.0-2.el7
redhat/curl<0:7.76.1-19.el9_1.1
redhat/curl<0:7.76.1-14.el9_0.6
debian/curl<=7.64.0-4+deb10u2
Apple macOS Ventura<13.2
and 27 more
CVE-2022-3564
A use-after-free in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth in Linux Kernel could allow a remote authenticated attacker from within the loca...
IBM QRadar SIEM<=7.5.0 - 7.5.0 UP6
ubuntu/linux<4.15.0-200.211
ubuntu/linux<5.4.0-135.152
ubuntu/linux<5.15.0-56.62
ubuntu/linux<5.19.0-26.27
ubuntu/linux<6.1~
and 168 more
CVE-2022-40303
A flaw was found in libxml2. Parsing a XML document with the XML_PARSE_HUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEnt...
redhat/libxml2<0:2.9.7-15.el8_7.1
redhat/libxml2<0:2.9.13-3.el9_1
Apple tvOS<16.2
Apple watchOS<9.2
Apple macOS Big Sur<11.7.2
Apple macOS Monterey<12.6.2
and 29 more
CVE-2022-40304
A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted res...
redhat/libxml2<0:2.9.7-15.el8_7.1
redhat/libxml2<0:2.9.13-3.el9_1
Apple tvOS<16.2
Apple watchOS<9.2
Apple macOS Monterey<12.6.2
Apple macOS Big Sur<11.7.2
and 29 more
CVE-2022-39046
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it t...
GNU C Library (glibc)=2.37
GNU C Library (glibc)=2.36
GNU glibc=2.36
Netapp H300s Firmware
Netapp H300s
Netapp H500s Firmware
and 18 more
CVE-2022-2961
A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This ...
Linux Linux kernel<6.0
Linux Linux kernel=6.0-rc1
Fedoraproject Fedora=36
Netapp H300s Firmware
Netapp H300s
Netapp H500s Firmware
and 7 more
CVE-2022-35252
A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), a...
redhat/jbcs-httpd24-curl<0:7.86.0-2.el8
redhat/jbcs-httpd24-curl<0:7.86.0-2.el7
redhat/curl<0:7.61.1-30.el8
redhat/curl<0:7.76.1-23.el9
Apple macOS Ventura<13.1
Apple macOS Monterey<12.6.3
and 33 more
CVE-2022-37434
A security vulnerability was found in zlib. The flaw triggered a heap-based buffer in inflate in the inflate.c function via a large gzip header extra field. This flaw is only applicable in the call in...
redhat/zlib<0:1.2.7-21.el7_9
redhat/zlib<0:1.2.11-19.el8_6
redhat/rsync<0:3.1.3-19.el8
redhat/zlib<0:1.2.11-32.el9_0
redhat/rsync<0:3.2.3-18.el9
debian/zlib<=1:1.2.11.dfsg-1<=1:1.2.11.dfsg-4<=1:1.2.11.dfsg-2+deb11u1
and 63 more
CVE-2022-36123
The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.
Linux Linux kernel<5.18.13
Netapp H300s Firmware
Netapp H300s
Netapp H500s Firmware
Netapp H500s
Netapp H700s Firmware
and 5 more
CVE-2022-2526
systemd could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to the on_stream_io() function and dns_stream_complete() function in "resolved-dns-st...
redhat/systemd<0:219-78.el7_9.7
redhat/systemd<0:239-58.el8_6.4
redhat/systemd<0:239-18.el8_1.11
redhat/systemd<0:239-31.el8_2.9
redhat/systemd<0:239-45.el8_4.12
IBM BM Security Guardium<=11.3
and 13 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203