Skip to main content

Fas 8300 Firmware

10 CVEs product

Monthly

CVE-2022-36879 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.18.14. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux A700S Firmware +21
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2068 HIGH PATCH This Week

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection OpenSSL Debian Linux Fedora Sinec Ins +24
NVD
CVSS 3.1
7.3
EPSS
96.3%
CVE-2022-1473 Cargo HIGH PATCH This Week

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +22
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-1434 Cargo MEDIUM PATCH This Month

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +22
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-1343 Cargo MEDIUM PATCH This Month

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +22
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-1292 HIGH This Week

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection OpenSSL Brownfield Connectivity Gateway Debian Linux Active Iq Unified Manager +31
NVD
CVSS 3.1
7.3
EPSS
83.2%
CVE-2022-0742 HIGH PATCH This Week

Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel A400 Firmware Aff 8300 Firmware +11
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2021-22555 HIGH POC KEV PATCH THREAT Act Now

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption C400 Firmware C250 Firmware H410c Firmware +18
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
78.7%
CVE-2020-15436 MEDIUM POC This Month

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Linux Memory Corruption Linux Kernel +18
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2019-19448 HIGH POC This Week

In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +17
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.18.14. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +23
NVD GitHub
EPSS 96% CVSS 7.3
HIGH PATCH This Week

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection OpenSSL Debian Linux +26
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL Active Iq Unified Manager +24
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager +24
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager +24
NVD
EPSS 83% CVSS 7.3
HIGH This Week

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection OpenSSL Brownfield Connectivity Gateway +33
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel +13
NVD
EPSS 79% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption C400 Firmware +20
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.7
MEDIUM POC This Month

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Linux +20
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Information Disclosure +19
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy