Netapp

Solidfire, Enterprise Sds & Hci Storage Node

39 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2022-30115

Exploit
  • EPSS 0.06%
  • Veröffentlicht 02.06.2022 14:15:51
  • Zuletzt bearbeitet 21.11.2024 07:02:11

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while no...

7.5

CVE-2022-27781

Exploit
  • EPSS 0.05%
  • Veröffentlicht 02.06.2022 14:15:44
  • Zuletzt bearbeitet 21.11.2024 06:56:10

libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending bus...

7.5

CVE-2022-27780

Exploit
  • EPSS 0.09%
  • Veröffentlicht 02.06.2022 14:15:44
  • Zuletzt bearbeitet 21.11.2024 06:56:10

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0....

5.3

CVE-2022-27779

Exploit
  • EPSS 0.19%
  • Veröffentlicht 02.06.2022 14:15:44
  • Zuletzt bearbeitet 21.11.2024 06:56:10

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://public...

7.8

CVE-2022-30594

Exploit
  • EPSS 0.03%
  • Veröffentlicht 12.05.2022 05:15:06
  • Zuletzt bearbeitet 21.11.2024 07:02:59

The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.

5.9

CVE-2022-1434

  • EPSS 0.06%
  • Veröffentlicht 03.05.2022 16:15:18
  • Zuletzt bearbeitet 21.11.2024 06:40:43

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being s...

5

CVE-2022-21449

Warnung
  • EPSS 24.91%
  • Veröffentlicht 19.04.2022 21:15:16
  • Zuletzt bearbeitet 21.11.2024 06:44:43

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. E...

5

CVE-2022-21434

  • EPSS 0.11%
  • Veröffentlicht 19.04.2022 21:15:15
  • Zuletzt bearbeitet 21.11.2024 06:44:41

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20...

5

CVE-2022-21426

  • EPSS 0.06%
  • Veröffentlicht 19.04.2022 21:15:15
  • Zuletzt bearbeitet 21.11.2024 06:44:40

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5,...

7.8

CVE-2022-28893

  • EPSS 0.03%
  • Veröffentlicht 11.04.2022 05:15:07
  • Zuletzt bearbeitet 21.11.2024 06:58:09

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.