Lucene search
K
NetappSnapdrive

18 matches found

CVE
CVE
added 2019/02/27 11:0 p.m.925 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

5.9CVSS6.3AI score0.17139EPSS
CVE
CVE
added 2020/01/21 10:54 p.m.623 views

CVE-2020-7595

CVE-2020-7595 affects libxml2, specifically the xmlStringLenDecodeEntities function in parser.c of version 2.9.10, which can enter an infinite loop in certain end-of-file situations. Several connected advisories (e.g., ASA-202011-15) corroborate the issue and describe the impact as potential deni...

7.5CVSS7.6AI score0.07836EPSS
CVE
CVE
added 2021/05/14 7:50 p.m.618 views

CVE-2021-3537

Summary: CVE-2021-3537 affects libxml2 up to 2.9.11. In XML mixed content parsing, errors were not propagated, causing a NULL dereference when an untrusted document is parsed in recovery mode and post-validated, with availability as the highest impact. The connected documents confirm the vulnerab...

5.9CVSS7AI score0.03503EPSS
In wild
CVE
CVE
added 2021/05/19 1:45 p.m.613 views

CVE-2021-3517

CVE-2021-3517 is a libxml2 vulnerability affecting versions before 2.9.11. A flaw in the xml entity encoding functionality could allow processing of a crafted XML file to trigger an out‑of‑bounds read, with availability impact and potential confidentiality/integrity impact if memory information i...

8.6CVSS8.4AI score0.0828EPSS
CVE
CVE
added 2020/01/21 10:53 p.m.573 views

CVE-2019-20388

CVE-2019-20388 affects libxml2 2.9.10. The Broadcom advisory BSNSA36819 confirms a memory leak in xmlSchemaValidateStream (xmlschemas.c) that can impact availability (memory exhaustion) when processing XML schemas. Affected component: libxml2’s xmlSchemaValidateStream; root cause relates to a lea...

7.5CVSS7.6AI score0.04387EPSS
CVE
CVE
added 2018/10/29 1:0 p.m.569 views

CVE-2018-0735

CVE-2018-0735 corresponds to a timing side-channel vulnerability in OpenSSL’s ECDSA signature generation. An attacker could exploit variations in signing to recover the private key. Affected: OpenSSL 1.1.0 (1.1.0-1.1.0i) and OpenSSL 1.1.1 (1.1.1) prior to the fixes. Fixes were released in OpenSSL...

5.9CVSS5.7AI score0.04763EPSS
CVE
CVE
added 2021/07/09 4:2 p.m.506 views

CVE-2021-3541

CVE-2021-3541 describes a vulnerability in libxml2 where exponential entity expansion can bypass protections and cause a denial of service. The Initial Description confirms the flaw and its DoS impact, and connected documents (e.g., Astra Linux bulletin and BSNSA entries) reiterate libxml2 involv...

6.5CVSS7AI score0.01861EPSS
CVE
CVE
added 2022/02/26 12:0 a.m.476 views

CVE-2022-23308

CVE-2022-23308 affects libxml2 before 2.9.13, caused by a use-after-free in ID/IDREF attributes in valid.c. The NVD data shows a CVSS 3.1 base score of 7.5 (NETWORK, PR:N, UI:N, S:U, C:N/I:N/A:H) and CVSS 2.0 base score of 4.3 (NETWORK, A:P). Connected advisories confirm the same flaw and referen...

7.5CVSS7.7AI score0.0601EPSS
CVE
CVE
added 2020/09/03 11:20 p.m.454 views

CVE-2020-24977

CVE-2020-24977 affects GNOME libxml2 up to version 2.9.10. The issue is a global buffer over-read in xmlEncodeEntitiesInternal (libxml2/entities.c), which can lead to information disclosure or crash conditions. The vulnerability was fixed in the commit 50f06b3e. Connected advisories corroborate l...

6.5CVSS6.9AI score0.03672EPSS
CVE
CVE
added 2021/05/18 11:20 a.m.446 views

CVE-2021-3518

CVE-2021-3518 details (libxml2): A use-after-free exists in libxml2 before v2.9.11 when processing crafted input files through an application linked with libxml2. This can impact confidentiality, integrity, and availability. The issue is triggered by processing a specially crafted file via libxml...

8.8CVSS8.4AI score0.03653EPSS
CVE
CVE
added 2022/05/03 12:0 a.m.411 views

CVE-2022-29824

Summary: CVE-2022-29824 affects libxml2 up to version 2.9.14. Several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) fail to check integer overflows, causing out-of-bounds memory writes when processing crafted XML files. This vulnerability also affects software that uses lib...

6.5CVSS6.8AI score0.0363EPSS
CVE
CVE
added 2018/06/07 1:0 p.m.309 views

CVE-2018-12015

CVE-2018-12015 affects the Archive::Tar module in Perl (up to 5.26.2). The vulnerability lets a crafted tar archive bypass directory-traversal protection and overwrite arbitrary files when a tar contains a symlink and a regular file with the same name. Affected advisories/archives confirm the iss...

7.5CVSS7.6AI score0.07343EPSS
CVE
CVE
added 2017/11/13 10:0 p.m.305 views

CVE-2016-8610

CVE-2016-8610 is a denial-of-service flaw in OpenSSL affecting TLS/SSL alert packet processing during handshakes. The issue exists in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0, enabling a remote attacker to cause high CPU usage and denial of service by sending many alert messages. Con...

7.5CVSS7.4AI score0.39657EPSS
CVE
CVE
added 2018/12/07 9:0 p.m.265 views

CVE-2018-18313

Perl before 5.26.3 is affected by a buffer over-read triggered by crafted regular expressions, which can disclose sensitive data from process memory. Public sources (e.g., USN-3834-1, Debian/CVE trackers) confirm CVE-2018-18313 and list affected platforms, noting that upgrading to Perl 5.26.3 or ...

9.1CVSS8.9AI score0.09524EPSS
CVE
CVE
added 2018/12/05 10:0 p.m.227 views

CVE-2018-18312

Perl 5.26.3 and 5.28.0 before 5.28.1 are affected by CVE-2018-18312 due to a buffer overflow in handling crafted regular expressions (regcomp.c). The issue enables invalid writes when parsing certain regex patterns. Affected versions: Perl before 5.26.3 and 5.28.0 before 5.28.1. Fixes are availab...

9.8CVSS9.4AI score0.12093EPSS
CVE
CVE
added 2018/12/07 9:0 p.m.222 views

CVE-2018-18314

CVE-2018-18314 affects Perl before 5.26.3, with a buffer overflow triggered by a crafted regular expression that leads to invalid write operations during compilation. Connected sources corroborate the issue and mention related details, including a root cause in regcomp.c (S_regatom) and potential...

9.8CVSS9.4AI score0.0606EPSS
CVE
CVE
added 2016/09/21 1:0 a.m.120 views

CVE-2015-8960

The CVE-2015-8960 entry concerns TLS protocol versions 1.2 and earlier. The root cause is that certain ClientCertificateType values (rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, ecdsa_fixed_ecdh) are supported but the protocol does not document the ability to compute the master secret in scenarios...

8.1CVSS7.8AI score0.01947EPSS
CVE
CVE
added 2017/02/07 5:0 p.m.44 views

CVE-2015-8544

CVE-2015-8544 affects NetApp SnapDrive for Windows. The vulnerability could allow a remote attacker to obtain sensitive information due to disclosure of data in cleartext. Affected versions include SnapDrive for Windows 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1; IBM's bulletin specifies affected rel...

7.5CVSS7.2AI score0.01967EPSS