NetApp Solidfire Hci Storage Node
By the Year
In 2023 there have been 0 vulnerabilities in NetApp Solidfire Hci Storage Node. Last year Solidfire Hci Storage Node had 8 security vulnerabilities published. Right now, Solidfire Hci Storage Node is on track to have fewer security vulnerabilities in 2023 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 0 | 0.00 |
2022 | 8 | 6.50 |
2021 | 0 | 0.00 |
2020 | 2 | 6.20 |
2019 | 1 | 8.10 |
2018 | 0 | 0.00 |
It may take a day or so for new Solidfire Hci Storage Node vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent NetApp Solidfire Hci Storage Node Security Vulnerabilities
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14
CVE-2022-36946
7.5 - High
- July 27, 2022
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug
CVE-2022-2048
7.5 - High
- July 07, 2022
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources left to process good requests.
In Eclipse Jetty versions 9.4.0 thru 9.4.46
CVE-2022-2047
2.7 - Low
- July 07, 2022
In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
Improper Input Validation
An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
CVE-2022-27776
6.5 - Medium
- June 02, 2022
An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
Insufficiently Protected Credentials
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0
CVE-2022-27775
7.5 - High
- June 02, 2022
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was in the connection pool but with a different zone id, curl could reuse a connection instead.
An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0
CVE-2022-27774
5.7 - Medium
- June 02, 2022
An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects is used with authentication, curl could leak credentials to other services that exist on different protocols or port numbers.
Insufficiently Protected Credentials
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure
CVE-2022-22576
8.1 - High
- May 26, 2022
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
Missing Authentication for Critical Function
A flaw was found in the Linux SCTP stack
CVE-2021-3772
6.5 - Medium
- March 02, 2022
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
Improper Validation of Integrity Check Value
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x
CVE-2020-29569
8.8 - High
- December 15, 2020
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
Dangling pointer
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c
CVE-2020-29374
3.6 - Low
- November 28, 2020
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.
Race Condition
An issue was discovered in the Linux kernel before 4.20
CVE-2018-20836
8.1 - High
- May 07, 2019
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
Race Condition
