Snapdrive NetApp Snapdrive

Do you want an email whenever new security vulnerabilities are reported in NetApp Snapdrive?

By the Year

In 2022 there have been 1 vulnerability in NetApp Snapdrive with an average score of 7.5 out of ten. Last year Snapdrive had 4 security vulnerabilities published. Right now, Snapdrive is on track to have less security vulnerabilities in 2022 than it did last year. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.05.

Year Vulnerabilities Average Score
2022 1 7.50
2021 4 7.45
2020 3 7.17
2019 1 5.90
2018 5 8.42

It may take a day or so for new Snapdrive vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent NetApp Snapdrive Security Vulnerabilities

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

CVE-2022-23308 7.5 - High - February 26, 2022

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Dangling pointer

A flaw was found in libxml2

CVE-2021-3541 6.5 - Medium - July 09, 2021

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

XEE

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11

CVE-2021-3517 8.6 - High - May 19, 2021

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Memory Corruption

There's a flaw in libxml2 in versions before 2.9.11

CVE-2021-3518 8.8 - High - May 18, 2021

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Dangling pointer

A vulnerability found in libxml2 in versions before 2.9.11 shows

CVE-2021-3537 5.9 - Medium - May 14, 2021

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

NULL Pointer Dereference

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c

CVE-2020-24977 6.5 - Medium - September 04, 2020

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

Out-of-bounds Read

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

CVE-2020-7595 7.5 - High - January 21, 2020

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

Infinite Loop

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10

CVE-2019-20388 7.5 - High - January 21, 2020

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

Memory Leak

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL

CVE-2019-1559 5.9 - Medium - February 27, 2019

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

Side Channel Attack

Perl before 5.26.3 has a buffer over-read via a crafted regular expression

CVE-2018-18313 9.1 - Critical - December 07, 2018

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

Out-of-bounds Read

Perl before 5.26.3 has a buffer overflow via a crafted regular expression

CVE-2018-18314 9.8 - Critical - December 07, 2018

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Buffer Overflow

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression

CVE-2018-18312 9.8 - Critical - December 05, 2018

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Buffer Overflow

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack

CVE-2018-0735 5.9 - Medium - October 29, 2018

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

Use of a Broken or Risky Cryptographic Algorithm

In Perl through 5.26.2, the Archive::Tar module

CVE-2018-12015 7.5 - High - June 07, 2018

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

insecure temporary file

A denial of service flaw was found in OpenSSL 0.9.8

CVE-2016-8610 7.5 - High - November 13, 2017

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Resource Exhaustion

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux Workstation or by NetApp? Click the Watch button to subscribe.

NetApp
Vendor

subscribe