Solidfire \& hci management node

This hub aggregates every CVE we track for Solidfire \& hci management node, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Solidfire \& hci management node.

• CVE-2025-24928libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untruste...7.8Feb 18, 2025
• CVE-2024-56171libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be ...7.8Feb 18, 2025
• CVE-2025-0725gzip integer overflow7.3Feb 5, 2025
• CVE-2025-0167netrc and default credential leak3.4Feb 5, 2025
• CVE-2024-40896In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by set...9.1Dec 23, 2024
• CVE-2024-50602An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.5.9Oct 27, 2024
• CVE-2024-36958NFSD: Fix nfsd4_encode_fattr4() crasher5.5May 30, 2024
• CVE-2024-33602nscd: netgroup cache assumes NSS callback uses in-buffer strings7.4May 6, 2024
• CVE-2023-5178Kernel: use after free in nvmet_tcp_free_crypto in nvme8.8Nov 1, 2023
• CVE-2023-38426An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.9.1Jul 17, 2023
• CVE-2023-38428An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading...9.1Jul 17, 2023
• CVE-2023-38431An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, ...9.1Jul 17, 2023
• CVE-2023-2007The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunctio...7.8Apr 24, 2023
• CVE-2022-43680In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.7.5Oct 24, 2022
• CVE-2021-4209A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial ...6.5Aug 24, 2022