Netapp Solidfire_&_hci_storage_node
26 CVEs affecting Netapp Solidfire_&_hci_storage_node. Latest disclosed: 2025-02-05. Critical: 5, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-44228 | Critical | 10.0 | 2021-12-10 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameter… |
| CVE-2024-40896 | Critical | 9.1 | 2024-12-23 | In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers… |
| CVE-2023-38432 | Critical | 9.1 | 2023-07-18 | An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload siz… |
| CVE-2023-38428 | Critical | 9.1 | 2023-07-18 | An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider t… |
| CVE-2023-38426 | Critical | 9.1 | 2023-07-18 | An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger th… |
| CVE-2023-5178 | High | 8.8 | 2023-11-01 | A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux k… |
| CVE-2020-29569 | High | 8.8 | 2020-12-15 | An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handle… |
| CVE-2023-32257 | High | 8.1 | 2023-07-24 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and… |
| CVE-2022-22576 | High | 8.1 | 2022-05-26 | An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properl… |
| CVE-2018-20836 | High | 8.1 | 2019-05-07 | An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expand… |
| CVE-2023-37920 | High | 7.5 | 2023-07-25 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi… |
| CVE-2022-36946 | High | 7.5 | 2022-07-27 | nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in th… |
| CVE-2022-2048 | High | 7.5 | 2022-07-07 | In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning… |
| CVE-2022-27775 | High | 7.5 | 2022-06-02 | An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a… |
| CVE-2020-25645 | High | 7.5 | 2020-10-13 | A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt tr… |
| CVE-2024-33602 | High | 7.4 | 2024-05-06 | nscd: netgroup cache assumes NSS callback uses in-buffer strings. The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callbac… |
| CVE-2025-0725 | High | 7.3 | 2025-02-05 | When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3… |
| CVE-2020-12464 | Medium | 6.7 | 2020-04-29 | usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad3… |
| CVE-2022-27776 | Medium | 6.5 | 2022-06-02 | An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host… |
| CVE-2021-3772 | Medium | 6.5 | 2022-03-02 | A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP… |