Vulnerabilities > Netapp > HCI Bootstrap OS > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-08-24 CVE-2021-4209 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in GnuTLS.
network
low complexity
gnu redhat netapp CWE-476
6.5
2022-07-27 CVE-2022-36879 An issue was discovered in the Linux kernel through 5.18.14.
local
low complexity
linux debian netapp
5.5
2022-06-02 CVE-2022-27774 Insufficiently Protected Credentials vulnerability in multiple products
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
network
low complexity
haxx debian netapp brocade splunk CWE-522
5.7
2022-06-02 CVE-2022-27776 Insufficiently Protected Credentials vulnerability in multiple products
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
6.5
2022-06-02 CVE-2022-27779 libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies.
network
low complexity
haxx netapp splunk
5.3
2022-06-02 CVE-2022-30115 Cleartext Transmission of Sensitive Information vulnerability in multiple products
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL.
network
low complexity
haxx netapp splunk CWE-319
4.3
2021-08-08 CVE-2021-38199 fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
low complexity
linux netapp debian
6.5
2021-08-08 CVE-2021-38203 Improper Locking vulnerability in multiple products
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.
local
low complexity
linux netapp CWE-667
5.5
2020-05-09 CVE-2020-12771 Improper Locking vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.6.11.
5.5
2019-05-23 CVE-2019-0201 Missing Authorization vulnerability in multiple products
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta.
network
high complexity
apache debian redhat oracle netapp CWE-862
5.9