This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Netapp First view 2017-02-07
Product Snapdrive Last view 2022-05-03
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:* 12
cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:* 9

Related : CVE

  Date Alert Description
6.5 2022-05-03 CVE-2022-29824

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

7.5 2022-02-26 CVE-2022-23308

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

6.5 2021-07-09 CVE-2021-3541

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

8.6 2021-05-19 CVE-2021-3517

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

8.8 2021-05-18 CVE-2021-3518

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

5.9 2021-05-14 CVE-2021-3537

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

6.5 2020-09-04 CVE-2020-24977

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

7.5 2020-01-21 CVE-2020-7595

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

7.5 2020-01-21 CVE-2019-20388

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

5.9 2019-02-27 CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

9.8 2018-12-07 CVE-2018-18314

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

9.1 2018-12-07 CVE-2018-18313

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

9.8 2018-12-05 CVE-2018-18312

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

5.9 2018-10-29 CVE-2018-0735

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

7.5 2018-06-07 CVE-2018-12015

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

7.5 2017-11-13 CVE-2016-8610

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

7.5 2017-02-07 CVE-2015-8544

NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors.

CWE : Common Weakness Enumeration

%idName
12% (2) CWE-416 Use After Free
12% (2) CWE-125 Out-of-bounds Read
12% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (1) CWE-787 Out-of-bounds Write
6% (1) CWE-776 Unrestricted Recursive Entity References in DTDs ('XML Bomb')
6% (1) CWE-476 NULL Pointer Dereference
6% (1) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
6% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
6% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
6% (1) CWE-203 Information Exposure Through Discrepancy
6% (1) CWE-200 Information Exposure
6% (1) CWE-190 Integer Overflow or Wraparound
6% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

Snort® IPS/IDS

Date Description
2016-12-29 OpenSSL SSLv3 warning denial of service attempt
RuleID : 40843 - Type : SERVER-OTHER - Revision : 3

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-18 Name: The remote Fedora host is missing a security update.
File: fedora_2019-a8ffcff7ee.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ca03363d57.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9dbe983805.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4e088b6d7c.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: Node.js - JavaScript run-time environment is affected by multiple vulnerabili...
File: nodejs_2018_nov.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_2a86f45afc3c11e8a41400155d006b02.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4348.nasl - Type: ACT_GATHER_INFO
2018-11-30 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4347.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1586.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1379.nasl - Type: ACT_GATHER_INFO
2018-10-30 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_238ae7dedba211e8b713b499baebfeaf.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1307.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1308.nasl - Type: ACT_GATHER_INFO
2018-08-21 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0084.nasl - Type: ACT_GATHER_INFO
2018-06-19 Name: The remote Fedora host is missing a security update.
File: fedora_2018-10ae521efa.nasl - Type: ACT_GATHER_INFO
2018-06-12 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4226.nasl - Type: ACT_GATHER_INFO
2018-03-08 Name: The remote AIX host has a version of OpenSSL installed that is affected by a ...
File: aix_openssl_advisory22.nasl - Type: ACT_GATHER_INFO
2017-10-18 Name: The remote host is affected by a TLS/SSL vulnerability.
File: screenos_JSA10808.nasl - Type: ACT_GATHER_INFO
2017-08-23 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2493.nasl - Type: ACT_GATHER_INFO
2017-07-13 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-0286.nasl - Type: ACT_GATHER_INFO
2017-06-30 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1658.nasl - Type: ACT_GATHER_INFO
2017-06-30 Name: The remote PAN-OS host is affected by multiple vulnerabilities.
File: palo_alto_pan-os_8_0_3.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1030.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1042.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1041.nasl - Type: ACT_GATHER_INFO