CVSS: 8.6EPSS: 0%CPEs: 34EXPL: 0CVE-2021-3517 – libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
https://notcve.org/view.php?id=CVE-2021-3517
19 May 2021 — There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. Se presenta un fallo en la funcion... • https://bugzilla.redhat.com/show_bug.cgi?id=1954232 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2021-3518 – libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c
https://notcve.org/view.php?id=CVE-2021-3518
18 May 2021 — There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. Se presenta un fallo en libxml2 en versiones anteriores a 2.9.11. Un atacante que pueda enviar un archivo diseñado para que sea procesado por una aplicación vinculada con libxml2 podría desencadenar un uso de la memoria previamente ... • http://seclists.org/fulldisclosure/2021/Jul/54 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2021-3537 – libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
https://notcve.org/view.php?id=CVE-2021-3537
14 May 2021 — A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. Una vulnerabilidad encontrada en libxml2 en versiones anteriores a 2.9.11 muestra que no propagó errores al analizar el contenido mixto XML, causando una des... • https://bugzilla.redhat.com/show_bug.cgi?id=1956522 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-21702 – Null Dereference in SoapClient
https://notcve.org/view.php?id=CVE-2021-21702
15 Feb 2021 — In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. En PHP versiones 7.3.x por debajo de 7.3.27, 7.4.x por debajo de 7.4.15 y 8.0.x por debajo de 8.0.2, cuando se usa la extensión SOAP para conectarse a un servidor SOAP, un servidor SOAP malicioso podría devolver datos XML malformados como ... • https://bugs.php.net/bug.php?id=80672 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 6%CPEs: 6EXPL: 1CVE-2020-7071 – FILTER_VALIDATE_URL accepts URLs with invalid userinfo
https://notcve.org/view.php?id=CVE-2020-7071
15 Feb 2021 — In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL. En PHP versiones 7.3.x por debajo de 7.3.26, 7.4.x por debajo de 7.4.14 y 8.0.0, cuando se comprueba una URL con funciones como filter_var ($url, FILTER_VALIDATE_URL), PHP aceptará u... • https://bugs.php.net/bug.php?id=77423 • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 33EXPL: 0CVE-2020-8590
https://notcve.org/view.php?id=CVE-2020-8590
08 Feb 2021 — Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true. Clustered Data ONTAP versiones anteriores a 9.1P18 y 9.3P12, son susceptibles a una vulnerabilidad que podría permitir a un atacante detectar nombres de nodo por medio de paquetes de AutoSupport inclusive cuando el parámetro –remove-private-data es establecido en verdadero • https://security.netapp.com/advisory/NTAP-20210208-0003 •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2020-8578
https://notcve.org/view.php?id=CVE-2020-8578
08 Feb 2021 — Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true. Clustered Data ONTAP versiones anteriores a 9.3P20, son susceptibles a una vulnerabilidad que podría permitir a un atacante detectar nombres de nodo por medio de paquetes de AutoSupport inclusive cuando el parámetro –remove-private-data se establece en true • https://security.netapp.com/advisory/NTAP-20210208-0002 •
CVSS: 3.5EPSS: 0%CPEs: 19EXPL: 0CVE-2020-8589
https://notcve.org/view.php?id=CVE-2020-8589
03 Feb 2021 — Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs. Clustered Data ONTAP versiones anteriores a 9.3P20 y 9.5P15, son susceptibles a una vulnerabilidad que podría permitir a usuarios arrendatarios no autorizados detectar los nombres de otras Storage Virtual Machines (SVMs) y los nombres de archivo en esas SVM • https://security.netapp.com/advisory/ntap-20210201-0002 •
CVSS: 3.5EPSS: 0%CPEs: 19EXPL: 0CVE-2020-8588
https://notcve.org/view.php?id=CVE-2020-8588
03 Feb 2021 — Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs). Clustered Data ONTAP versiones anteriores a 9.3P20 y 9.5P15, son susceptibles a una vulnerabilidad que podría permitir a usuarios arrendatarios no autorizados detectar la existencia de datos en otras Storage Virtual Machines (SVMs) • https://security.netapp.com/advisory/ntap-20210201-0001 •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-8581
https://notcve.org/view.php?id=CVE-2020-8581
19 Jan 2021 — Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled. Clustered Data ONTAP versiones anteriores a 9.3P20 y 9.5, son susceptibles a una vulnerabilidad que podría permitir a un atacante autenticado pero no autorizado sobrescribir datos arbitrarios cuando la compatibilidad con VMware vStorage está habilitada • https://security.netapp.com/advisory/ntap-20210119-0001 •