Netapp

Clustered Data Ontap

144 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2021-46143

Exploit
  • EPSS 4.09%
  • Published 06.01.2022 04:15:07
  • Last modified 05.05.2025 17:17:28

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

5.3

CVE-2021-21707

Exploit
  • EPSS 0.62%
  • Published 29.11.2021 07:15:06
  • Last modified 21.11.2024 05:48:52

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the ...

7

CVE-2021-21703

Exploit
  • EPSS 0.1%
  • Published 25.10.2021 06:15:06
  • Last modified 21.11.2024 05:48:52

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the c...

5.3

CVE-2021-21705

Exploit
  • EPSS 0.24%
  • Published 04.10.2021 04:15:08
  • Last modified 21.11.2024 05:48:52

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can ...

5.9

CVE-2021-21704

Exploit
  • EPSS 0.13%
  • Published 04.10.2021 04:15:07
  • Last modified 21.11.2024 05:48:52

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and othe...

7.5

CVE-2021-22946

Exploit
  • EPSS 0.07%
  • Published 29.09.2021 20:15:08
  • Last modified 21.11.2024 05:50:59

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This ...

5.9

CVE-2021-22947

Exploit
  • EPSS 0.19%
  • Published 29.09.2021 20:15:08
  • Last modified 21.11.2024 05:50:59

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not ...

7

CVE-2021-41617

  • EPSS 0.37%
  • Published 26.09.2021 19:15:07
  • Last modified 21.11.2024 06:26:32

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsC...

9.1

CVE-2021-22945

Exploit
  • EPSS 0.35%
  • Published 23.09.2021 13:15:08
  • Last modified 09.06.2025 15:15:25

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

7.5

CVE-2021-34798

  • EPSS 11.69%
  • Published 16.09.2021 15:15:07
  • Last modified 21.11.2024 06:11:13

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.