Vulnerabilities > Netapp > Solidfire Enterprise SDS HCI Storage Node > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-02	CVE-2022-27779	libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. network low complexity haxx netapp splunk	5.3
2022-06-02	CVE-2022-30115	Cleartext Transmission of Sensitive Information vulnerability in multiple products Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. network low complexity haxx netapp splunk CWE-319	4.3
2022-05-03	CVE-2022-1343	Improper Certificate Validation vulnerability in multiple products The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. network low complexity openssl netapp CWE-295	5.3
2022-05-03	CVE-2022-1434	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. network high complexity openssl netapp CWE-327	5.9
2022-04-19	CVE-2022-21426	Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). network low complexity oracle debian netapp azul	5.3
2022-04-19	CVE-2022-21434	Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). network low complexity oracle debian netapp azul	5.3
2022-03-10	CVE-2021-3733	Resource Exhaustion vulnerability in multiple products There's a flaw in urllib's AbstractBasicAuthHandler class. network low complexity python redhat fedoraproject netapp CWE-400	6.5
2022-02-26	CVE-2020-36516	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products An issue was discovered in the Linux kernel through 5.16.11. network high complexity linux netapp CWE-327	5.9
2021-06-11	CVE-2021-22897	Exposure of Resource to Wrong Sphere vulnerability in multiple products curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. network low complexity haxx oracle netapp siemens splunk CWE-668	5.3
2021-02-17	CVE-2021-26932	An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. local low complexity linux fedoraproject debian netapp	5.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.