NetApp SnapDrive for Unix

CPE Details

NetApp SnapDrive for Unix
netapp
snapdrive
-
2019-02-25
17h30 +00:00
2021-05-06
13h28 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*

Informations

Vendor

netapp

Product

snapdrive

Version

-

Target Software

unix

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-29824 2022-05-02 22h00 +00:00 In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
6.5
Medium
CVE-2022-23308 2022-02-25 23h00 +00:00 valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
7.5
High
CVE-2021-3541 2021-07-09 14h02 +00:00 A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
6.5
Medium
CVE-2020-24977 2020-09-03 21h20 +00:00 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
6.5
Medium
CVE-2019-1559 2019-02-27 23h00 +00:00 If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
5.9
Medium
CVE-2018-18313 2018-12-07 20h00 +00:00 Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
9.1
Critical
CVE-2018-18314 2018-12-07 20h00 +00:00 Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
9.8
Critical
CVE-2018-18312 2018-12-05 21h00 +00:00 Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
9.8
Critical
CVE-2018-0735 2018-10-29 13h00 +00:00 The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
5.9
Medium
CVE-2018-12015 2018-06-07 11h00 +00:00 In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
7.5
High
CVE-2016-8610 2017-11-13 22h00 +00:00 A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
7.5
High
CVE-2015-8544 2017-02-07 16h00 +00:00 NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors.
7.5
High
CVE-2015-8960 2016-09-20 23h00 +00:00 The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.
8.1
High