Vulnerabilities > Netapp > H410S Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-30 | CVE-2023-27535 | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. | 5.9 |
| 2023-03-30 | CVE-2023-27536 | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. | 5.9 |
| 2023-03-30 | CVE-2023-27537 | Double Free vulnerability in multiple products A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". | 5.9 |
| 2023-03-30 | CVE-2023-27538 | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. | 5.5 |
| 2023-02-25 | CVE-2023-26545 | Double Free vulnerability in multiple products In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. | 4.7 |
| 2023-02-23 | CVE-2023-23915 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. | 6.5 |
| 2023-02-23 | CVE-2023-23916 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. | 6.5 |
| 2022-12-05 | CVE-2022-35260 | Out-of-bounds Write vulnerability in multiple products curl can be told to parse a `.netrc` file for credentials. | 6.5 |
| 2022-11-25 | CVE-2022-45887 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products An issue was discovered in the Linux kernel through 6.0.9. | 4.7 |
| 2022-11-25 | CVE-2022-45888 | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 6.0.9. | 6.4 |