Netapp

Clustered Data Ontap

144 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2021-46143

Exploit
  • EPSS 4.09%
  • Veröffentlicht 06.01.2022 04:15:07
  • Zuletzt bearbeitet 05.05.2025 17:17:28

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

5.3

CVE-2021-21707

Exploit
  • EPSS 0.62%
  • Veröffentlicht 29.11.2021 07:15:06
  • Zuletzt bearbeitet 21.11.2024 05:48:52

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the ...

7

CVE-2021-21703

Exploit
  • EPSS 0.1%
  • Veröffentlicht 25.10.2021 06:15:06
  • Zuletzt bearbeitet 21.11.2024 05:48:52

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the c...

5.3

CVE-2021-21705

Exploit
  • EPSS 0.24%
  • Veröffentlicht 04.10.2021 04:15:08
  • Zuletzt bearbeitet 21.11.2024 05:48:52

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can ...

5.9

CVE-2021-21704

Exploit
  • EPSS 0.13%
  • Veröffentlicht 04.10.2021 04:15:07
  • Zuletzt bearbeitet 21.11.2024 05:48:52

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and othe...

7.5

CVE-2021-22946

Exploit
  • EPSS 0.07%
  • Veröffentlicht 29.09.2021 20:15:08
  • Zuletzt bearbeitet 21.11.2024 05:50:59

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This ...

5.9

CVE-2021-22947

Exploit
  • EPSS 0.19%
  • Veröffentlicht 29.09.2021 20:15:08
  • Zuletzt bearbeitet 21.11.2024 05:50:59

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not ...

7

CVE-2021-41617

  • EPSS 0.37%
  • Veröffentlicht 26.09.2021 19:15:07
  • Zuletzt bearbeitet 21.11.2024 06:26:32

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsC...

9.1

CVE-2021-22945

Exploit
  • EPSS 0.35%
  • Veröffentlicht 23.09.2021 13:15:08
  • Zuletzt bearbeitet 09.06.2025 15:15:25

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

7.5

CVE-2021-34798

  • EPSS 11.69%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:11:13

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.