NetApp Solidfire Hci Storage Node
By the Year
In 2022 there have been 3 vulnerabilities in NetApp Solidfire Hci Storage Node with an average score of 5.9 out of ten. Solidfire Hci Storage Node did not have any published security vulnerabilities last year. That is, 3 more vulnerabilities have already been reported in 2022 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 3 | 5.90 |
| 2021 | 0 | 0.00 |
| 2020 | 2 | 6.20 |
| 2019 | 1 | 8.10 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Solidfire Hci Storage Node vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent NetApp Solidfire Hci Storage Node Security Vulnerabilities
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14
CVE-2022-36946
7.5 - High
- July 27, 2022
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug
CVE-2022-2048
7.5 - High
- July 07, 2022
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.
Resource Exhaustion
In Eclipse Jetty versions 9.4.0 thru 9.4.46
CVE-2022-2047
2.7 - Low
- July 07, 2022
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
Improper Input Validation
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x
CVE-2020-29569
8.8 - High
- December 15, 2020
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
Dangling pointer
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c
CVE-2020-29374
3.6 - Low
- November 28, 2020
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.
Race Condition
An issue was discovered in the Linux kernel before 4.20
CVE-2018-20836
8.1 - High
- May 07, 2019
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
Race Condition
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for OpenSuse Leap or by NetApp? Click the Watch button to subscribe.
