Vulnerabilities > Netapp > Solidfire HCI Management Node
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-01 | CVE-2023-5178 | Use After Free vulnerability in multiple products A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. | 9.8 |
| 2023-07-18 | CVE-2023-38426 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel before 6.3.4. | 9.1 |
| 2023-07-18 | CVE-2023-38428 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel before 6.3.4. | 9.1 |
| 2023-07-18 | CVE-2023-38431 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel before 6.3.8. | 9.1 |
| 2023-04-24 | CVE-2023-2007 | Improper Locking vulnerability in multiple products The specific flaw exists within the DPT I2O Controller driver. | 7.8 |
| 2022-10-24 | CVE-2022-43680 | Use After Free vulnerability in multiple products In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | 7.5 |
| 2022-08-24 | CVE-2021-4209 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in GnuTLS. | 6.5 |
| 2022-07-27 | CVE-2022-36946 | nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. | 7.5 |
| 2022-06-02 | CVE-2022-27774 | Insufficiently Protected Credentials vulnerability in multiple products An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. | 5.7 |
| 2022-06-02 | CVE-2022-27775 | An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. | 7.5 |