Vulnerabilities > Netapp > Solidfire Enterprise SDS HCI Storage Node > High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-02	CVE-2022-27780	Server-Side Request Forgery (SSRF) vulnerability in multiple products The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. network low complexity haxx netapp splunk CWE-918	7.5
2022-06-02	CVE-2022-27781	Infinite Loop vulnerability in multiple products libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. network low complexity haxx debian netapp splunk CWE-835	7.5
2022-05-12	CVE-2022-30594	Missing Authorization vulnerability in multiple products The Linux kernel before 5.17.2 mishandles seccomp permissions. local low complexity linux debian netapp CWE-862	7.8
2022-05-03	CVE-2022-1473	Incomplete Cleanup vulnerability in multiple products The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. network low complexity openssl netapp CWE-459	7.5
2022-04-19	CVE-2022-21449	Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). network low complexity oracle debian netapp azul	7.5
2022-04-11	CVE-2022-28893	Use After Free vulnerability in multiple products The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. local low complexity linux netapp debian CWE-416	7.8
2022-04-08	CVE-2022-28796	Race Condition vulnerability in multiple products jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. local high complexity linux redhat fedoraproject netapp CWE-362	7.0
2022-03-03	CVE-2022-0492	Missing Authorization vulnerability in multiple products A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. local low complexity linux debian redhat canonical fedoraproject netapp CWE-862	7.8
2022-02-26	CVE-2022-23308	Use After Free vulnerability in multiple products valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. network low complexity xmlsoft fedoraproject debian apple netapp oracle CWE-416	7.5
2022-02-18	CVE-2021-20322	Use of Insufficiently Random Values vulnerability in multiple products A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. network high complexity linux fedoraproject debian netapp oracle CWE-330	7.4

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.