Vulnerabilities > Netapp > HCI Management Node > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-07-07 CVE-2022-32205 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them.
4.3
2022-07-07 CVE-2022-32206 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms.
6.5
2022-07-07 CVE-2022-32208 Out-of-bounds Write vulnerability in multiple products
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.
network
high complexity
haxx fedoraproject debian netapp apple splunk CWE-787
5.9
2022-04-19 CVE-2022-21496 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI).
network
low complexity
oracle netapp debian azul
5.3
2022-03-25 CVE-2021-4203 A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel.
network
high complexity
linux netapp oracle
6.8
2022-02-16 CVE-2021-3753 A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE).
local
high complexity
linux redhat netapp
4.7
2021-11-15 CVE-2021-42373 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
local
low complexity
busybox fedoraproject netapp CWE-476
5.5
2021-11-15 CVE-2021-42374 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed.
local
high complexity
busybox fedoraproject netapp CWE-125
5.3
2021-11-15 CVE-2021-42375 An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters.
local
low complexity
busybox fedoraproject netapp
5.5
2021-11-15 CVE-2021-42376 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character.
local
low complexity
busybox fedoraproject netapp CWE-476
5.5