Solidfire\, enterprise sds \& hci storage node

This hub aggregates every CVE we track for Solidfire\, enterprise sds \& hci storage node, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Solidfire\, enterprise sds \& hci storage node.

• CVE-2022-30115Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the h...4.3Jun 1, 2022
• CVE-2022-27780The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved...7.5Jun 1, 2022
• CVE-2022-27781libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make ...7.5Jun 1, 2022
• CVE-2022-27779libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuil...5.3Jun 1, 2022
• CVE-2022-30594The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.7.8May 12, 2022
• CVE-2022-1473Resource leakage when decoding certificates and keys7.5May 3, 2022
• CVE-2022-1434Incorrect MAC key used in the RC4-MD5 ciphersuite5.9May 3, 2022
• CVE-2022-1343OCSP_basic_verify may incorrectly verify the response signing certificate5.3May 3, 2022
• CVE-2022-1292The c_rehash script allows command injection7.3May 3, 2022
• CVE-2022-21449Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Orac...7.5Apr 19, 2022
• CVE-2022-21434Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0....5.3Apr 19, 2022
• CVE-2022-21426Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 1...5.3Apr 19, 2022
• CVE-2022-28893The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.7.8Apr 11, 2022
• CVE-2022-28796jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.7.0Apr 8, 2022
• CVE-2021-3733There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression...6.5Mar 7, 2022