Vulnerabilities > Netapp > HCI Management Node > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-05 | CVE-2021-22922 | Improper Handling of Exceptional Conditions vulnerability in multiple products When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. | 6.5 |
2021-08-05 | CVE-2021-22923 | Insufficiently Protected Credentials vulnerability in multiple products When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. | 5.3 |
2021-08-05 | CVE-2021-22925 | Use of Uninitialized Resource vulnerability in multiple products curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. | 5.3 |
2021-07-20 | CVE-2021-33910 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | 5.5 |
2021-07-15 | CVE-2021-34429 | For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. | 5.3 |
2021-07-07 | CVE-2021-22555 | Out-of-bounds Write vulnerability in multiple products A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. | 4.6 |
2021-06-02 | CVE-2021-3522 | Out-of-bounds Read vulnerability in multiple products GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. | 5.5 |
2021-04-22 | CVE-2021-2163 | Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). | 5.3 |
2021-04-22 | CVE-2021-2161 | Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). | 5.9 |
2021-04-01 | CVE-2021-22876 | Information Exposure vulnerability in multiple products curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. | 5.3 |