Netapp

Manageability Software Development Kit

13 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2022-40304

  • EPSS 0.11%
  • Published 23.11.2022 18:15:12
  • Last modified 28.04.2025 20:15:19

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

6.5

CVE-2022-29824

Exploit
  • EPSS 0.05%
  • Published 03.05.2022 03:15:06
  • Last modified 21.11.2024 06:59:45

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte...

7.5

CVE-2022-23308

  • EPSS 0.06%
  • Published 26.02.2022 05:15:08
  • Last modified 05.05.2025 17:17:56

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

9.8

CVE-2021-3711

  • EPSS 2.75%
  • Published 24.08.2021 15:15:09
  • Last modified 21.11.2024 06:22:12

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen...

7.4

CVE-2021-3712

Warning
  • EPSS 0.82%
  • Published 24.08.2021 15:15:09
  • Last modified 21.11.2024 06:22:13

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the s...

6.5

CVE-2021-3541

  • EPSS 0.07%
  • Published 09.07.2021 17:15:07
  • Last modified 21.11.2024 06:21:48

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

8.6

CVE-2021-3517

  • EPSS 0.09%
  • Published 19.05.2021 14:15:07
  • Last modified 21.11.2024 06:21:44

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-o...

8.8

CVE-2021-3518

  • EPSS 0.25%
  • Published 18.05.2021 12:15:08
  • Last modified 21.11.2024 06:21:44

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, inte...

5.9

CVE-2021-3537

  • EPSS 0.11%
  • Published 14.05.2021 20:15:16
  • Last modified 21.11.2024 06:21:47

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could...

5.9

CVE-2020-1971

  • EPSS 0.34%
  • Published 08.12.2020 16:15:11
  • Last modified 21.11.2024 05:11:45

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they...