Search Results (Refine Search)
- Keyword (text search): cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-30594 |
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. Published: May 12, 2022; 1:15:06 AM -0400 |
V3.1: 7.8 HIGH V2.0: 4.4 MEDIUM |
CVE-2022-29155 |
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. Published: May 04, 2022; 4:15:07 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-29824 |
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. Published: May 02, 2022; 11:15:06 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2022-29968 |
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. Published: May 02, 2022; 12:15:10 AM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2022-1353 |
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. Published: April 29, 2022; 12:15:08 PM -0400 |
V3.1: 7.1 HIGH V2.0: 3.6 LOW |
CVE-2022-1048 |
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. Published: April 29, 2022; 12:15:08 PM -0400 |
V3.1: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2022-29156 |
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. Published: April 13, 2022; 3:15:28 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-28893 |
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. Published: April 11, 2022; 1:15:07 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-28796 |
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. Published: April 08, 2022; 1:15:07 AM -0400 |
V3.1: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2022-28389 |
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. Published: April 03, 2022; 5:15:08 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2022-28388 |
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. Published: April 03, 2022; 5:15:08 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2022-0998 |
An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system. Published: March 30, 2022; 12:15:11 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-1055 |
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 Published: March 29, 2022; 11:15:08 AM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2022-0995 |
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. Published: March 25, 2022; 3:15:10 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-0500 |
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. Published: March 25, 2022; 3:15:10 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-0330 |
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. Published: March 25, 2022; 3:15:10 PM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-4203 |
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. Published: March 25, 2022; 3:15:09 PM -0400 |
V3.1: 6.8 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2018-25032 |
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. Published: March 25, 2022; 5:15:08 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-4197 |
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. Published: March 23, 2022; 4:15:10 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2021-25220 |
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. Published: March 23, 2022; 9:15:07 AM -0400 |
V3.1: 6.8 MEDIUM V2.0: 4.0 MEDIUM |