Vulnerabilities > Netapp > H500S Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-27779 libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies.
network
low complexity
haxx netapp splunk
5.3
2022-06-02 CVE-2022-27780 Server-Side Request Forgery (SSRF) vulnerability in multiple products
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`.
network
low complexity
haxx netapp splunk CWE-918
7.5
2022-06-02 CVE-2022-27781 Infinite Loop vulnerability in multiple products
libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
network
low complexity
haxx debian netapp splunk CWE-835
7.5
2022-06-02 CVE-2022-30115 Cleartext Transmission of Sensitive Information vulnerability in multiple products
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL.
network
low complexity
haxx netapp splunk CWE-319
4.3
2022-05-26 CVE-2022-1882 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called.
local
low complexity
linux netapp CWE-416
7.8
2022-05-26 CVE-2022-22576 Missing Authentication for Critical Function vulnerability in multiple products
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer.
network
low complexity
haxx debian netapp brocade splunk CWE-306
8.1
2022-05-25 CVE-2022-1678 An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.
network
low complexity
linux netapp
7.5
2022-05-19 CVE-2022-1183 Reachable Assertion vulnerability in multiple products
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure.
network
low complexity
isc netapp CWE-617
7.5
2022-05-18 CVE-2022-1734 Use After Free vulnerability in multiple products
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
local
high complexity
linux debian netapp CWE-416
7.0
2022-05-17 CVE-2022-1116 Integer Overflow or Wraparound vulnerability in multiple products
Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root.
local
low complexity
linux netapp CWE-190
7.8