Filtered by vendor Netapp Subscriptions
Filtered by product Solidfire \& Hci Management Node Subscriptions
Total 95 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-5178 3 Linux, Netapp, Redhat 10 Linux Kernel, Active Iq Unified Manager, Solidfire \& Hci Management Node and 7 more 2024-11-21 8.8 High
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.
CVE-2023-38431 2 Linux, Netapp 6 Linux Kernel, H300s, H410s and 3 more 2024-11-21 9.1 Critical
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.
CVE-2023-38428 2 Linux, Netapp 7 Linux Kernel, H300s, H410s and 4 more 2024-11-21 9.1 Critical
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.
CVE-2023-38426 2 Linux, Netapp 7 Linux Kernel, H300s, H410s and 4 more 2024-11-21 9.1 Critical
An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.
CVE-2023-2007 3 Debian, Linux, Netapp 13 Debian Linux, Linux Kernel, H300s and 10 more 2024-11-21 7.8 High
The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
CVE-2022-43680 5 Debian, Fedoraproject, Libexpat Project and 2 more 24 Debian Linux, Fedora, Libexpat and 21 more 2024-11-21 7.5 High
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVE-2022-36946 4 Debian, Linux, Netapp and 1 more 10 Debian Linux, Linux Kernel, Active Iq Unified Manager and 7 more 2024-11-21 7.5 High
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
CVE-2022-30594 4 Debian, Linux, Netapp and 1 more 24 Debian Linux, Linux Kernel, 8300 and 21 more 2024-11-21 7.8 High
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
CVE-2022-30115 3 Haxx, Netapp, Splunk 15 Curl, Clustered Data Ontap, H300s and 12 more 2024-11-21 4.3 Medium
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.
CVE-2022-29968 3 Fedoraproject, Linux, Netapp 13 Fedora, Linux Kernel, H300s and 10 more 2024-11-21 7.8 High
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.
CVE-2022-29824 6 Debian, Fedoraproject, Netapp and 3 more 26 Debian Linux, Fedora, Active Iq Unified Manager and 23 more 2024-11-21 6.5 Medium
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
CVE-2022-28893 4 Debian, Linux, Netapp and 1 more 25 Debian Linux, Linux Kernel, H300e and 22 more 2024-11-21 7.8 High
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
CVE-2022-28796 4 Fedoraproject, Linux, Netapp and 1 more 24 Fedora, Linux Kernel, Active Iq Unified Manager and 21 more 2024-11-21 7.0 High
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
CVE-2022-27781 5 Debian, Haxx, Netapp and 2 more 17 Debian Linux, Curl, Clustered Data Ontap and 14 more 2024-11-21 7.5 High
libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
CVE-2022-27780 3 Haxx, Netapp, Splunk 15 Curl, Clustered Data Ontap, H300s and 12 more 2024-11-21 7.5 High
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.
CVE-2022-27779 3 Haxx, Netapp, Splunk 15 Curl, Clustered Data Ontap, H300s and 12 more 2024-11-21 5.3 Medium
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.
CVE-2022-27778 4 Haxx, Netapp, Oracle and 1 more 19 Curl, Active Iq Unified Manager, Bh500s Firmware and 16 more 2024-11-21 8.1 High
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
CVE-2022-27776 7 Brocade, Debian, Fedoraproject and 4 more 19 Fabric Operating System, Debian Linux, Fedora and 16 more 2024-11-21 6.5 Medium
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
CVE-2022-27775 6 Brocade, Debian, Haxx and 3 more 18 Fabric Operating System, Debian Linux, Curl and 15 more 2024-11-21 7.5 High
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
CVE-2022-27774 6 Brocade, Debian, Haxx and 3 more 18 Fabric Operating System, Debian Linux, Curl and 15 more 2024-11-21 5.7 Medium
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.