This page lists publicly disclosed CVE vulnerabilities affecting netapp h410c_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-54085 KEV | AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | [email protected] | 10.0 | 61.20% | 2025-03-11 | 2026-06-17 |
| CVE-2025-24928 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. | [email protected] | 7.8 | 0.38% | 2025-02-18 | 2026-06-17 |
| CVE-2024-56171 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. | [email protected] | 7.8 | 1.13% | 2025-02-18 | 2026-06-17 |
| CVE-2025-0665 | libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve. | 2499f714-1537-4658-8207-48ae4bb9eae9 | 7.0 | 1.25% | 2025-02-05 | 2026-06-17 |
| CVE-2025-0167 | When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance. | 2499f714-1537-4658-8207-48ae4bb9eae9 | 3.4 | 0.66% | 2025-02-05 | 2026-06-17 |
| CVE-2024-40896 | In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible. | [email protected] | 9.1 | 1.17% | 2024-12-23 | 2026-06-17 |
| CVE-2024-50602 | An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. | [email protected] | 5.9 | 1.04% | 2024-10-27 | 2026-06-17 |
| CVE-2024-6119 | Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `other | [email protected] | 7.5 | 66.59% | 2024-09-03 | 2026-06-17 |
| CVE-2024-36958 | In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix nfsd4_encode_fattr4() crasher Ensure that args.acl is initialized early. It is used in an unconditional call to kfree() on the way out of nfsd4_encode_fattr4(). | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 5.5 | 0.24% | 2024-05-30 | 2026-06-17 |
| CVE-2024-33602 | nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 7.4 | 0.40% | 2024-05-06 | 2026-06-17 |
| CVE-2024-33601 | nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 7.3 | 1.07% | 2024-05-06 | 2026-06-17 |
| CVE-2024-33600 | nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 5.9 | 1.22% | 2024-05-06 | 2026-06-17 |
| CVE-2024-33599 | nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 8.1 | 1.31% | 2024-05-06 | 2026-06-17 |
| CVE-2024-28757 | libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | [email protected] | 7.5 | 2.01% | 2024-03-10 | 2026-06-17 |
| CVE-2023-5363 | Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have | [email protected] | 7.5 | 3.33% | 2023-10-25 | 2026-06-17 |
| CVE-2023-45862 | An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation. | [email protected] | 5.5 | 0.28% | 2023-10-14 | 2026-06-17 |
| CVE-2023-4911 KEV | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | [email protected] | 7.8 | 81.42% | 2023-10-03 | 2026-06-17 |
| CVE-2023-4236 | A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1. | [email protected] | 7.5 | 2.15% | 2023-09-20 | 2026-06-17 |
| CVE-2023-4527 | A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. | [email protected] | 6.5 | 1.51% | 2023-09-18 | 2026-06-17 |
| CVE-2023-4813 | A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. | [email protected] | 5.9 | 1.67% | 2023-09-12 | 2026-06-17 |