Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-32250 |
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. Published: June 02, 2022; 5:15:07 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-1786 |
A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system. Published: June 02, 2022; 10:15:33 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-1652 |
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. Published: June 02, 2022; 10:15:32 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-1882 |
A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system. Published: May 26, 2022; 1:15:08 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-1678 |
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. Published: May 25, 2022; 11:15:07 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2022-1183 |
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch. Published: May 19, 2022; 6:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0: 4.3 MEDIUM |
CVE-2022-1734 |
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. Published: May 18, 2022; 1:15:08 PM -0400 |
V3.1: 7.0 HIGH V2.0: 4.4 MEDIUM |
CVE-2022-29581 |
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. Published: May 17, 2022; 1:15:08 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-1587 |
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. Published: May 16, 2022; 5:15:07 PM -0400 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-1586 |
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. Published: May 16, 2022; 5:15:07 PM -0400 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-1679 |
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. Published: May 16, 2022; 2:15:08 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-30594 |
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. Published: May 12, 2022; 1:15:06 AM -0400 |
V3.1: 7.8 HIGH V2.0: 4.4 MEDIUM |
CVE-2022-29155 |
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. Published: May 04, 2022; 4:15:07 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-29824 |
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. Published: May 02, 2022; 11:15:06 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2022-29968 |
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. Published: May 02, 2022; 12:15:10 AM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2022-1353 |
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. Published: April 29, 2022; 12:15:08 PM -0400 |
V3.1: 7.1 HIGH V2.0: 3.6 LOW |
CVE-2022-1048 |
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. Published: April 29, 2022; 12:15:08 PM -0400 |
V3.1: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2022-29156 |
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. Published: April 13, 2022; 3:15:28 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-28893 |
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. Published: April 11, 2022; 1:15:07 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-28796 |
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. Published: April 08, 2022; 1:15:07 AM -0400 |
V3.1: 7.0 HIGH V2.0: 6.9 MEDIUM |