Solidfire & Hci Storage Node Security Vulnerabilities and Issues — Solidfire & Hci Storage Node CVE List

Lucene search

NetappSolidfire & Hci Storage Node

8 matches found

CVE•added 2022/07/07 9:15 p.m.•490 views

CVE-2022-2047

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

4CVSS5.2AI score0.00878EPSS

CVE•added 2022/07/07 9:15 p.m.•352 views

CVE-2022-2048

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left ...

7.5CVSS7.3AI score0.01411EPSS

CVE•added 2022/06/02 2:15 p.m.•352 views

CVE-2022-27776

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

6.5CVSS7.3AI score0.00647EPSS

CVE•added 2022/07/27 8:15 p.m.•327 views

CVE-2022-36946

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.

7.5CVSS7.2AI score0.04664EPSS

CVE•added 2022/03/02 11:15 p.m.•296 views

CVE-2021-3772

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.

6.5CVSS6.8AI score0.00243EPSS

CVE•added 2022/06/02 2:15 p.m.•274 views

CVE-2022-27774

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols ...

5.7CVSS6.7AI score0.00467EPSS

CVE•added 2022/05/26 5:15 p.m.•255 views

CVE-2022-22576

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols:...

8.1CVSS8AI score0.00267EPSS

CVE•added 2022/06/02 2:15 p.m.•232 views

CVE-2022-27775

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.

7.5CVSS7.1AI score0.00135EPSS