Snapmanager

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-23	CVE-2022-40304	Double Free vulnerability in multiple products An issue was discovered in libxml2 before 2.10.3. local low complexity xmlsoft netapp apple CWE-415	7.8
2022-11-23	CVE-2022-40303	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in libxml2 before 2.10.3. network low complexity xmlsoft netapp apple CWE-190	7.5
2022-06-21	CVE-2022-2068	OS Command Injection vulnerability in multiple products In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. network low complexity openssl debian fedoraproject siemens netapp broadcom CWE-78 critical	9.8
2022-05-03	CVE-2022-1292	OS Command Injection vulnerability in multiple products The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. network low complexity openssl debian netapp oracle fedoraproject CWE-78 critical	9.8
2022-05-03	CVE-2022-1343	Improper Certificate Validation vulnerability in multiple products The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. network low complexity openssl netapp CWE-295	5.3
2022-05-03	CVE-2022-1434	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. network high complexity openssl netapp CWE-327	5.9
2022-05-03	CVE-2022-1473	Incomplete Cleanup vulnerability in multiple products The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. network low complexity openssl netapp CWE-459	7.5
2022-05-03	CVE-2022-29824	Integer Overflow or Wraparound vulnerability in multiple products In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf) and tree.c (xmlBuffer) don't check for integer overflows. network low complexity xmlsoft fedoraproject debian netapp oracle CWE-190	6.5
2022-04-14	CVE-2022-22968	Improper Handling of Case Sensitivity vulnerability in multiple products In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. network low complexity vmware netapp oracle CWE-178	5.3
2022-02-26	CVE-2022-23308	Use After Free vulnerability in multiple products valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. network low complexity xmlsoft fedoraproject debian apple netapp oracle CWE-416	7.5