Smi-s Provider@- Security Vulnerabilities and Issues — Smi-s Provider@- CVE List

Lucene search

NetappSmi-s Provider-

8 matches found

CVE•added 2022/05/03 4:15 p.m.•1125 views

CVE-2022-1292

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the s...

10CVSS9AI score0.6768EPSS

CVE•added 2022/06/21 3:15 p.m.•1118 views

CVE-2022-2068

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there ...

10CVSS9.2AI score0.7123EPSS

CVE•added 2022/02/26 5:15 a.m.•410 views

CVE-2022-23308

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

7.5CVSS7.7AI score0.00044EPSS

CVE•added 2022/05/03 3:15 a.m.•355 views

CVE-2022-29824

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer ...

6.5CVSS6.8AI score0.00041EPSS

CVE•added 2022/11/23 6:15 p.m.•285 views

CVE-2022-40304

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

7.8CVSS6.9AI score0.00079EPSS

CVE•added 2022/05/03 4:15 p.m.•215 views

CVE-2022-1473

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will ...

7.5CVSS8.2AI score0.00238EPSS

CVE•added 2022/05/03 4:15 p.m.•183 views

CVE-2022-1343

The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is an...

5.3CVSS7AI score0.00127EPSS

CVE•added 2022/05/03 4:15 p.m.•169 views

CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient...

5.9CVSS7.3AI score0.00059EPSS