Netapp

Manageability Software Development Kit

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.7

CVE-2025-24928

  • EPSS 0.03%
  • Veröffentlicht 18.02.2025 23:15:10
  • Zuletzt bearbeitet 03.11.2025 22:18:40

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

9.8

CVE-2024-56171

  • EPSS 0.04%
  • Veröffentlicht 18.02.2025 22:15:12
  • Zuletzt bearbeitet 03.11.2025 21:17:50

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity...

7.8

CVE-2022-40304

  • EPSS 0.11%
  • Veröffentlicht 23.11.2022 18:15:12
  • Zuletzt bearbeitet 28.04.2025 20:15:19

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

6.5

CVE-2022-29824

Exploit
  • EPSS 0.07%
  • Veröffentlicht 03.05.2022 03:15:06
  • Zuletzt bearbeitet 21.11.2024 06:59:45

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte...

7.5

CVE-2022-23308

  • EPSS 0.06%
  • Veröffentlicht 26.02.2022 05:15:08
  • Zuletzt bearbeitet 05.05.2025 17:17:56

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

9.8

CVE-2021-3711

  • EPSS 2.35%
  • Veröffentlicht 24.08.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:22:12

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen...

7.4

CVE-2021-3712

Warnung
  • EPSS 0.49%
  • Veröffentlicht 24.08.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:22:13

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the s...

6.5

CVE-2021-3541

  • EPSS 0.06%
  • Veröffentlicht 09.07.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:48

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

8.6

CVE-2021-3517

  • EPSS 0.08%
  • Veröffentlicht 19.05.2021 14:15:07
  • Zuletzt bearbeitet 02.12.2025 22:16:07

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-o...

8.8

CVE-2021-3518

  • EPSS 0.23%
  • Veröffentlicht 18.05.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:21:44

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, inte...