Vulnerabilities > Netapp > Clustered Data Ontap Antivirus Connector > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-05 | CVE-2022-2097 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. | 5.3 |
2022-05-03 | CVE-2022-1343 | Improper Certificate Validation vulnerability in multiple products The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. | 5.3 |
2022-05-03 | CVE-2022-1434 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. | 5.9 |
2022-05-03 | CVE-2022-29824 | Integer Overflow or Wraparound vulnerability in multiple products In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. | 6.5 |
2021-07-09 | CVE-2021-3541 | XML Entity Expansion vulnerability in multiple products A flaw was found in libxml2. | 6.5 |
2021-05-14 | CVE-2021-3537 | NULL Pointer Dereference vulnerability in multiple products A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. | 5.9 |
2020-12-08 | CVE-2020-1971 | NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. | 5.9 |
2020-09-04 | CVE-2020-24977 | Out-of-bounds Read vulnerability in multiple products GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. | 6.5 |
2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |