Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-29824 |
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. Published: May 02, 2022; 11:15:06 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2022-23308 |
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. Published: February 26, 2022; 12:15:08 AM -0500 |
V3.1: 7.5 HIGH V2.0: 4.3 MEDIUM |
CVE-2021-3541 |
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. Published: July 09, 2021; 1:15:07 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2020-24977 |
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. Published: September 03, 2020; 8:15:10 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 6.4 MEDIUM |
CVE-2019-1559 |
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). Published: February 27, 2019; 6:29:00 PM -0500 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-18314 |
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Published: December 07, 2018; 4:29:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-18313 |
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. Published: December 07, 2018; 4:29:00 PM -0500 |
V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2018-18312 |
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Published: December 05, 2018; 5:29:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-0735 |
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Published: October 29, 2018; 9:29:00 AM -0400 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-12015 |
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. Published: June 07, 2018; 9:29:00 AM -0400 |
V3.0: 7.5 HIGH V2.0: 6.4 MEDIUM |
CVE-2016-8610 |
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Published: November 13, 2017; 5:29:00 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-8544 |
NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors. Published: February 07, 2017; 12:59:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-8960 |
The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue. Published: September 20, 2016; 10:59:00 PM -0400 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |