Netapp Smi-s_provider
19 CVEs affecting Netapp Smi-s_provider. Latest disclosed: 2023-04-25. Critical: 0, High: 13.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2015-8960 | High | 8.1 | 2016-09-21 | The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not di… |
| CVE-2022-40304 | High | 7.8 | 2022-11-23 | An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic… |
| CVE-2020-15862 | High | 7.8 | 2020-08-20 | Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. |
| CVE-2020-15861 | High | 7.8 | 2020-08-20 | Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. |
| CVE-2023-29552 | High | 7.5 | 2023-04-25 | The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use s… |
| CVE-2022-1473 | High | 7.5 | 2022-05-03 | The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This f… |
| CVE-2022-23308 | High | 7.5 | 2022-02-26 | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. |
| CVE-2020-1967 | High | 7.5 | 2020-04-21 | Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a res… |
| CVE-2020-7595 | High | 7.5 | 2020-01-21 | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. |
| CVE-2019-20388 | High | 7.5 | 2020-01-21 | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. |
| CVE-2016-8610 | High | 7.5 | 2017-11-13 | A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets… |
| CVE-2022-2068 | High | 7.3 | 2022-06-21 | In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise she… |
| CVE-2022-1292 | High | 7.3 | 2022-05-03 | The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a man… |
| CVE-2022-29824 | Medium | 6.5 | 2022-05-03 | In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in ou… |
| CVE-2021-3541 | Medium | 6.5 | 2021-07-09 | A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service. |
| CVE-2022-1434 | Medium | 5.9 | 2022-05-03 | The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attack… |
| CVE-2019-1559 | Medium | 5.9 | 2019-02-27 | If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can… |
| CVE-2018-0735 | Medium | 5.9 | 2018-10-29 | The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorith… |
| CVE-2022-1343 | Medium | 5.3 | 2022-05-03 | The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the r… |