NetApp Snapdrive
By the Year
In 2024 there have been 0 vulnerabilities in NetApp Snapdrive . Snapdrive did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 7.00 |
| 2021 | 4 | 7.45 |
| 2020 | 3 | 7.17 |
| 2019 | 1 | 5.90 |
| 2018 | 5 | 8.42 |
It may take a day or so for new Snapdrive vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent NetApp Snapdrive Security Vulnerabilities
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows
CVE-2022-29824
6.5 - Medium
- May 03, 2022
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
Integer Overflow or Wraparound
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
CVE-2022-23308
7.5 - High
- February 26, 2022
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
Dangling pointer
A flaw was found in libxml2
CVE-2021-3541
6.5 - Medium
- July 09, 2021
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
XEE
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11
CVE-2021-3517
8.6 - High
- May 19, 2021
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
Memory Corruption
There's a flaw in libxml2 in versions before 2.9.11
CVE-2021-3518
8.8 - High
- May 18, 2021
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
Dangling pointer
A vulnerability found in libxml2 in versions before 2.9.11 shows
CVE-2021-3537
5.9 - Medium
- May 14, 2021
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
NULL Pointer Dereference
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c
CVE-2020-24977
6.5 - Medium
- September 04, 2020
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
Out-of-bounds Read
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2020-7595
7.5 - High
- January 21, 2020
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
Infinite Loop
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10
CVE-2019-20388
7.5 - High
- January 21, 2020
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
Memory Leak
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL
CVE-2019-1559
5.9 - Medium
- February 27, 2019
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
Side Channel Attack
Perl before 5.26.3 has a buffer over-read via a crafted regular expression
CVE-2018-18313
9.1 - Critical
- December 07, 2018
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
Out-of-bounds Read
Perl before 5.26.3 has a buffer overflow via a crafted regular expression
CVE-2018-18314
9.8 - Critical
- December 07, 2018
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Buffer Overflow
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression
CVE-2018-18312
9.8 - Critical
- December 05, 2018
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Buffer Overflow
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack
CVE-2018-0735
5.9 - Medium
- October 29, 2018
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
Use of a Broken or Risky Cryptographic Algorithm
In Perl through 5.26.2, the Archive::Tar module
CVE-2018-12015
7.5 - High
- June 07, 2018
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
insecure temporary file
A denial of service flaw was found in OpenSSL 0.9.8
CVE-2016-8610
7.5 - High
- November 13, 2017
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
Resource Exhaustion
The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key
CVE-2015-8960
8.1 - High
- September 21, 2016
The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.
Improper Certificate Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for NetApp System Setup or by NetApp? Click the Watch button to subscribe.
