Vulnerabilities > Netapp > Solidfire
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-01 | CVE-2021-22876 | Information Exposure vulnerability in multiple products curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. | 5.3 |
| 2021-03-05 | CVE-2021-28041 | Double Free vulnerability in multiple products ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. | 7.1 |
| 2021-02-26 | CVE-2020-27223 | Resource Exhaustion vulnerability in multiple products In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. | 5.3 |
| 2021-01-26 | CVE-2021-3156 | Off-by-one Error vulnerability in multiple products Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. local low complexity sudo-project fedoraproject debian netapp mcafee synology beyondtrust oracle CWE-193 | 7.8 |
| 2021-01-12 | CVE-2021-23240 | Link Following vulnerability in multiple products selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. | 7.8 |
| 2021-01-12 | CVE-2021-23239 | Link Following vulnerability in multiple products The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. | 2.5 |
| 2021-01-08 | CVE-2020-8584 | Code Injection vulnerability in Netapp products Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution. | 10.0 |
| 2020-12-14 | CVE-2020-8286 | Improper Certificate Validation vulnerability in multiple products curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | 7.5 |
| 2020-12-14 | CVE-2020-8285 | Uncontrolled Recursion vulnerability in multiple products curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | 7.5 |
| 2020-12-14 | CVE-2020-8284 | A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. | 3.7 |