Netapp

Clustered Data Ontap

144 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2022-22576

Exploit
  • EPSS 0.27%
  • Veröffentlicht 26.05.2022 17:15:09
  • Zuletzt bearbeitet 21.11.2024 06:47:03

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for th...

10

CVE-2022-1292

  • EPSS 46.34%
  • Veröffentlicht 03.05.2022 16:15:18
  • Zuletzt bearbeitet 13.08.2025 14:15:28

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execut...

5.3

CVE-2022-1343

  • EPSS 0.13%
  • Veröffentlicht 03.05.2022 16:15:18
  • Zuletzt bearbeitet 05.05.2025 17:17:34

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the res...

5.9

CVE-2022-1434

  • EPSS 0.06%
  • Veröffentlicht 03.05.2022 16:15:18
  • Zuletzt bearbeitet 21.11.2024 06:40:43

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being s...

7.5

CVE-2022-1473

  • EPSS 0.28%
  • Veröffentlicht 03.05.2022 16:15:18
  • Zuletzt bearbeitet 05.05.2025 17:17:34

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically de...

6.5

CVE-2022-29824

Exploit
  • EPSS 0.05%
  • Veröffentlicht 03.05.2022 03:15:06
  • Zuletzt bearbeitet 21.11.2024 06:59:45

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte...

7.5

CVE-2022-0778

Warnung
  • EPSS 7.81%
  • Veröffentlicht 15.03.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:39:22

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed ...

7.5

CVE-2022-23308

  • EPSS 0.06%
  • Veröffentlicht 26.02.2022 05:15:08
  • Zuletzt bearbeitet 05.05.2025 17:17:56

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

5.5

CVE-2021-0127

  • EPSS 0.07%
  • Veröffentlicht 09.02.2022 23:15:13
  • Zuletzt bearbeitet 05.05.2025 17:16:42

Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access.

9.8

CVE-2022-23852

  • EPSS 1.71%
  • Veröffentlicht 24.01.2022 02:15:06
  • Zuletzt bearbeitet 05.05.2025 17:17:58

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.