Vulnerabilities > Netapp > Snapmanager

DATE CVE VULNERABILITY TITLE RISK
2022-11-23 CVE-2022-40304 Double Free vulnerability in multiple products
An issue was discovered in libxml2 before 2.10.3.
local
low complexity
xmlsoft netapp apple CWE-415
7.8
2022-11-23 CVE-2022-40303 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in libxml2 before 2.10.3.
network
low complexity
xmlsoft netapp apple CWE-190
7.5
2022-06-21 CVE-2022-2068 OS Command Injection vulnerability in multiple products
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review.
network
low complexity
openssl debian fedoraproject siemens netapp broadcom CWE-78
critical
9.8
2022-05-03 CVE-2022-1292 OS Command Injection vulnerability in multiple products
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.
network
low complexity
openssl debian netapp oracle fedoraproject CWE-78
critical
9.8
2022-05-03 CVE-2022-1343 Improper Certificate Validation vulnerability in multiple products
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response.
network
low complexity
openssl netapp CWE-295
5.3
2022-05-03 CVE-2022-1434 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key.
network
high complexity
openssl netapp CWE-327
5.9
2022-05-03 CVE-2022-1473 Incomplete Cleanup vulnerability in multiple products
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries.
network
low complexity
openssl netapp CWE-459
7.5
2022-05-03 CVE-2022-29824 Integer Overflow or Wraparound vulnerability in multiple products
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows.
network
low complexity
xmlsoft fedoraproject debian netapp oracle CWE-190
6.5
2022-04-14 CVE-2022-22968 Improper Handling of Case Sensitivity vulnerability in multiple products
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
network
low complexity
vmware netapp oracle CWE-178
5.3
2022-02-26 CVE-2022-23308 Use After Free vulnerability in multiple products
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
7.5