This page lists publicly disclosed CVE vulnerabilities affecting netapp h700s_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-54085 KEV | AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | [email protected] | 10.0 | 61.20% | 2025-03-11 | 2026-06-17 |
| CVE-2025-24928 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. | [email protected] | 7.8 | 0.38% | 2025-02-18 | 2026-06-17 |
| CVE-2024-56171 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. | [email protected] | 7.8 | 1.13% | 2025-02-18 | 2026-06-17 |
| CVE-2025-0665 | libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve. | 2499f714-1537-4658-8207-48ae4bb9eae9 | 7.0 | 1.17% | 2025-02-05 | 2026-06-17 |
| CVE-2025-0167 | When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance. | 2499f714-1537-4658-8207-48ae4bb9eae9 | 3.4 | 0.64% | 2025-02-05 | 2026-06-17 |
| CVE-2024-40896 | In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible. | [email protected] | 9.1 | 1.17% | 2024-12-23 | 2026-06-17 |
| CVE-2024-11053 | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password. | 2499f714-1537-4658-8207-48ae4bb9eae9 | 3.4 | 1.35% | 2024-12-11 | 2026-06-17 |
| CVE-2024-50602 | An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. | [email protected] | 5.9 | 1.04% | 2024-10-27 | 2026-06-17 |
| CVE-2024-8096 | When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate. | 2499f714-1537-4658-8207-48ae4bb9eae9 | 6.5 | 0.74% | 2024-09-11 | 2026-06-17 |
| CVE-2024-6119 | Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `other | [email protected] | 7.5 | 66.59% | 2024-09-03 | 2026-06-17 |
| CVE-2024-36958 | In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix nfsd4_encode_fattr4() crasher Ensure that args.acl is initialized early. It is used in an unconditional call to kfree() on the way out of nfsd4_encode_fattr4(). | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 5.5 | 0.24% | 2024-05-30 | 2026-06-17 |
| CVE-2024-33602 | nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 7.4 | 0.40% | 2024-05-06 | 2026-06-17 |
| CVE-2024-33601 | nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 7.3 | 1.07% | 2024-05-06 | 2026-06-17 |
| CVE-2024-33600 | nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 5.9 | 1.22% | 2024-05-06 | 2026-06-17 |
| CVE-2024-33599 | nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 8.1 | 1.31% | 2024-05-06 | 2026-06-17 |
| CVE-2024-2466 | libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc). | 2499f714-1537-4658-8207-48ae4bb9eae9 | 6.5 | 1.30% | 2024-03-27 | 2026-06-17 |
| CVE-2024-2398 | When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application. | 2499f714-1537-4658-8207-48ae4bb9eae9 | 8.6 | 36.08% | 2024-03-27 | 2026-06-17 |
| CVE-2024-2379 | libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. | 2499f714-1537-4658-8207-48ae4bb9eae9 | 6.3 | 1.71% | 2024-03-27 | 2026-06-17 |
| CVE-2024-2004 | When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no pr | 2499f714-1537-4658-8207-48ae4bb9eae9 | 3.5 | 1.68% | 2024-03-27 | 2026-06-17 |
| CVE-2024-28757 | libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | [email protected] | 7.5 | 2.01% | 2024-03-10 | 2026-06-17 |