High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-02	CVE-2022-27775	An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. network low complexity haxx debian netapp brocade splunk	7.5
2022-06-02	CVE-2022-27780	Server-Side Request Forgery (SSRF) vulnerability in multiple products The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. network low complexity haxx netapp splunk CWE-918	7.5
2022-06-02	CVE-2022-27781	Infinite Loop vulnerability in multiple products libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. network low complexity haxx debian netapp splunk CWE-835	7.5
2021-08-08	CVE-2021-38201	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations. network low complexity linux netapp CWE-119	7.5
2021-08-08	CVE-2021-38202	Out-of-bounds Read vulnerability in multiple products fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd. network low complexity linux netapp CWE-125	7.5
2021-08-07	CVE-2021-38160	Classic Buffer Overflow vulnerability in multiple products In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. local low complexity linux netapp debian redhat CWE-120	7.8
2020-12-14	CVE-2020-8286	Improper Certificate Validation vulnerability in multiple products curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. network low complexity haxx fedoraproject debian netapp apple siemens oracle splunk CWE-295	7.5
2020-12-14	CVE-2020-8285	Uncontrolled Recursion vulnerability in multiple products curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. network low complexity haxx debian fedoraproject netapp apple oracle fujitsu siemens splunk CWE-674	7.5
2020-11-28	CVE-2020-29368	Race Condition vulnerability in multiple products An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. local high complexity linux netapp CWE-362	7.0