Netapp

Clustered Data Ontap Antivirus Connector

23 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2022-40304

  • EPSS 0.11%
  • Published 23.11.2022 18:15:12
  • Last modified 28.04.2025 20:15:19

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

7.5

CVE-2022-40303

  • EPSS 0.26%
  • Published 23.11.2022 00:15:11
  • Last modified 29.04.2025 05:15:43

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset,...

5.3

CVE-2022-2097

  • EPSS 0.41%
  • Published 05.07.2022 11:15:08
  • Last modified 21.11.2024 07:00:18

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't writte...

7.5

CVE-2022-1473

  • EPSS 0.28%
  • Published 03.05.2022 16:15:18
  • Last modified 05.05.2025 17:17:34

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically de...

5.9

CVE-2022-1434

  • EPSS 0.06%
  • Published 03.05.2022 16:15:18
  • Last modified 21.11.2024 06:40:43

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being s...

5.3

CVE-2022-1343

  • EPSS 0.13%
  • Published 03.05.2022 16:15:18
  • Last modified 05.05.2025 17:17:34

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the res...

10

CVE-2022-1292

  • EPSS 46.34%
  • Published 03.05.2022 16:15:18
  • Last modified 13.08.2025 14:15:28

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execut...

6.5

CVE-2022-29824

Exploit
  • EPSS 0.05%
  • Published 03.05.2022 03:15:06
  • Last modified 21.11.2024 06:59:45

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte...

7.5

CVE-2022-0778

Warning
  • EPSS 7.81%
  • Published 15.03.2022 17:15:08
  • Last modified 21.11.2024 06:39:22

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed ...

7.5

CVE-2022-23308

  • EPSS 0.06%
  • Published 26.02.2022 05:15:08
  • Last modified 05.05.2025 17:17:56

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.