netapp

hci_h610s_firmware

2 known vulnerabilities · sorted by CVSS score

CVE-2025-0725

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.

netapp / hci_baseboard_management_controller+7

Network

Published Feb 5, 2025

CVE-2020-8573

MEDIUM6.5

The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 or the Compute Firmware Bundle 12.2.92 the BMC account password on the H610C, H615C and H610S platforms is reset to the default documented value which could allow remote attackers to cause a Denial of Service (DoS).

netapp / hci_h610s_firmware

Network

Published Jun 29, 2020