Lucene search
K
NetappManageability Software Development Kit

15 matches found

CVE
CVE
added 2020/12/08 3:30 p.m.1193 views

CVE-2020-1971

CVE-2020-1971 is described across multiple connected sources as a NULL-dereference in OpenSSL’s GENERAL_NAME_cmp when EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...

5.9CVSS5.7AI score0.06968EPSS
CVE
CVE
added 2021/08/24 2:50 p.m.766 views

CVE-2021-3711

CVE-2021-3711 involves a bug in OpenSSL SM2 decryption: the buffer-size calculation during EVP_PKEY_decrypt() first call can under-allocate, enabling a later second call with a too-small buffer and causing a buffer overflow (up to 62 bytes). The issue affects OpenSSL 1.1.1 up to 1.1.1k and is fix...

9.8CVSS9.9AI score0.87816EPSS
CVE
CVE
added 2021/08/24 2:50 p.m.710 views

CVE-2021-3712

The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...

7.4CVSS8AI score0.50445EPSS
CVE
CVE
added 2021/05/14 7:50 p.m.618 views

CVE-2021-3537

Summary: CVE-2021-3537 affects libxml2 up to 2.9.11. In XML mixed content parsing, errors were not propagated, causing a NULL dereference when an untrusted document is parsed in recovery mode and post-validated, with availability as the highest impact. The connected documents confirm the vulnerab...

5.9CVSS7AI score0.03503EPSS
In wild
CVE
CVE
added 2021/05/19 1:45 p.m.613 views

CVE-2021-3517

CVE-2021-3517 is a libxml2 vulnerability affecting versions before 2.9.11. A flaw in the xml entity encoding functionality could allow processing of a crafted XML file to trigger an out‑of‑bounds read, with availability impact and potential confidentiality/integrity impact if memory information i...

8.6CVSS8.4AI score0.0828EPSS
CVE
CVE
added 2021/07/09 4:2 p.m.506 views

CVE-2021-3541

CVE-2021-3541 describes a vulnerability in libxml2 where exponential entity expansion can bypass protections and cause a denial of service. The Initial Description confirms the flaw and its DoS impact, and connected documents (e.g., Astra Linux bulletin and BSNSA entries) reiterate libxml2 involv...

6.5CVSS7AI score0.01861EPSS
CVE
CVE
added 2019/12/24 3:12 p.m.480 views

CVE-2019-19956

Summary (CVE-2019-19956) libxml2 before 2.9.10 contains a memory leak in xmlParseBalancedChunkMemoryRecover (parser.c) related to newDoc->oldNs. This can lead to memory not being freed (partial impact noted) and, per mapped references, contributes to DoS scenarios. The CVSS data across sources...

7.5CVSS7.5AI score0.05515EPSS
CVE
CVE
added 2022/02/26 12:0 a.m.476 views

CVE-2022-23308

CVE-2022-23308 affects libxml2 before 2.9.13, caused by a use-after-free in ID/IDREF attributes in valid.c. The NVD data shows a CVSS 3.1 base score of 7.5 (NETWORK, PR:N, UI:N, S:U, C:N/I:N/A:H) and CVSS 2.0 base score of 4.3 (NETWORK, A:P). Connected advisories confirm the same flaw and referen...

7.5CVSS7.7AI score0.0601EPSS
CVE
CVE
added 2020/09/03 11:20 p.m.454 views

CVE-2020-24977

CVE-2020-24977 affects GNOME libxml2 up to version 2.9.10. The issue is a global buffer over-read in xmlEncodeEntitiesInternal (libxml2/entities.c), which can lead to information disclosure or crash conditions. The vulnerability was fixed in the commit 50f06b3e. Connected advisories corroborate l...

6.5CVSS6.9AI score0.03672EPSS
CVE
CVE
added 2021/05/18 11:20 a.m.446 views

CVE-2021-3518

CVE-2021-3518 details (libxml2): A use-after-free exists in libxml2 before v2.9.11 when processing crafted input files through an application linked with libxml2. This can impact confidentiality, integrity, and availability. The issue is triggered by processing a specially crafted file via libxml...

8.8CVSS8.4AI score0.03653EPSS
CVE
CVE
added 2022/05/03 12:0 a.m.411 views

CVE-2022-29824

Summary: CVE-2022-29824 affects libxml2 up to version 2.9.14. Several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) fail to check integer overflows, causing out-of-bounds memory writes when processing crafted XML files. This vulnerability also affects software that uses lib...

6.5CVSS6.8AI score0.0363EPSS
CVE
CVE
added 2020/05/11 4:41 p.m.364 views

CVE-2018-1285

CVE-2018-1285 affects Apache log4net up to version 2.0.9 (pre-2.0.10), where XML External Entity (XXE) processing is not disabled when parsing log4net configuration files, enabling XXE-based attacks in apps that accept attacker-controlled config. The connected IBM security bulletin confirms the v...

9.8CVSS7.1AI score0.17823EPSS
CVE
CVE
added 2022/11/23 12:0 a.m.354 views

CVE-2022-40304

CVE-2022-40304: libxml2 before 2.10.3 contains invalid XML entity definitions that can corrupt a hash table key, potentially triggering logic errors and, in at least one case, a double-free. Affected library is libxml2; CVSS v3.1 shows base score 7.8 (HIGH) with LOCAL access, high impact. Public ...

7.8CVSS6.9AI score0.06782EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.342 views

CVE-2024-56171

CVE-2024-56171 affects libxml2 up to 2.12.9 and 2.13.x up to 2.13.5. It is a use-after-free in the functions xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables (in xmlschemas.c). To exploit, a crafted XML document must be validated against an XML schema with certain identity constraints,...

9.8CVSS7.2AI score0.0113EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.289 views

CVE-2025-24928

CVE-2025-24928 affects libxml2 (versions before 2.12.10 and 2.13.x before 2.13.6) with a stack-based buffer overflow in xmlSnprintfElements (valid.c) that requires DTD validation for exploitation. Remediation per connected docs: upgrade libxml2 to 2.12.10+ or 2.13.6+ (e.g., via libxml2 update) an...

7.8CVSS7.5AI score0.00375EPSS