This page lists publicly disclosed CVE vulnerabilities affecting netapp solidfire_baseboard_management_controller_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-42252 | An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. | [email protected] | 7.8 | 0.36% | 2021-10-11 | 2024-11-21 |
| CVE-2021-42008 | The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. | [email protected] | 7.8 | 1.49% | 2021-10-05 | 2024-11-21 |
| CVE-2021-41864 | prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. | [email protected] | 7.8 | 0.38% | 2021-10-02 | 2024-11-21 |
| CVE-2021-22947 | When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, th | [email protected] | 5.9 | 2.80% | 2021-09-29 | 2026-04-16 |
| CVE-2021-22946 | A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possi | [email protected] | 7.5 | 4.22% | 2021-09-29 | 2026-04-16 |
| CVE-2021-22945 | When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. | [email protected] | 9.1 | 6.22% | 2021-09-23 | 2025-06-09 |
| CVE-2021-22924 | libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issue | [email protected] | 3.7 | 6.27% | 2021-08-05 | 2025-06-09 |
| CVE-2021-3612 | An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | [email protected] | 7.8 | 0.69% | 2021-07-09 | 2024-11-21 |
| CVE-2021-22901 | curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. | [email protected] | 8.1 | 60.12% | 2021-06-11 | 2024-11-21 |
| CVE-2021-22897 | curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this wea | [email protected] | 5.3 | 2.98% | 2021-06-11 | 2026-05-28 |
| CVE-2019-25045 | An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46. | [email protected] | 7.8 | 0.50% | 2021-06-07 | 2024-11-21 |
| CVE-2020-25668 | A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. | [email protected] | 7.0 | 1.03% | 2021-05-26 | 2024-11-21 |
| CVE-2021-22543 | An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. | [email protected] | 8.7 | 0.66% | 2021-05-26 | 2024-11-21 |
| CVE-2020-25673 | A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. | [email protected] | 5.5 | 0.48% | 2021-05-26 | 2024-11-21 |
| CVE-2020-25671 | A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. | [email protected] | 7.8 | 0.51% | 2021-05-26 | 2024-11-21 |
| CVE-2020-25670 | A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. | [email protected] | 7.8 | 0.61% | 2021-05-26 | 2024-11-21 |
| CVE-2021-33574 | The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. | [email protected] | 9.8 | 2.90% | 2021-05-25 | 2024-11-21 |
| CVE-2020-25672 | A memory leak vulnerability was found in Linux kernel in llcp_sock_connect | [email protected] | 7.5 | 3.23% | 2021-05-25 | 2024-11-21 |
| CVE-2021-31440 | This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute | [email protected] | 7.0 | 1.75% | 2021-05-21 | 2024-11-21 |
| CVE-2019-25044 | The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue. | [email protected] | 7.8 | 0.65% | 2021-05-14 | 2024-11-21 |