CVSS: 7.8EPSS: 1%CPEs: 19EXPL: 0CVE-2023-2953 – openldap: null pointer dereference in ber_memalloc_x function
https://notcve.org/view.php?id=CVE-2023-2953
30 May 2023 — A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication. • http://seclists.org/fulldisclosure/2023/Jul/47 • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 16EXPL: 0CVE-2021-27003
https://notcve.org/view.php?id=CVE-2021-27003
12 Oct 2021 — Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack. Clustered Data ONTAP versiones anteriores a 9.5P18, 9.6P15, 9.7P14, 9.8P5 y 9.9.1 carecen de un encabezado X-Frame-Options que podría permitir un ataque de clickjacking • https://security.netapp.com/advisory/ntap-20211012-0001 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-26994
https://notcve.org/view.php?id=CVE-2021-26994
04 Jun 2021 — Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node. Clustered Data ONTAP versiones anteriores a 9.7P13 y 9.8P3, son susceptibles a una vulnerabilidad que podría permitir a cargas de trabajo individuales causar una Denegación de Servicio (DoS) en un nodo del clúster • https://security.netapp.com/advisory/NTAP-20210601-0001 •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 1CVE-2021-3516 – libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c
https://notcve.org/view.php?id=CVE-2021-3516
01 Jun 2021 — There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. Se encontró un fallo en xmllint de libxml2 en versiones anteriores a 2.9.11. Un atacante que es capaz de enviar un archivo diseñado para ser procesado por xmllint podría desencadenar un uso de la memoria previamente liberada. • https://bugzilla.redhat.com/show_bug.cgi?id=1954225 • CWE-416: Use After Free •
CVSS: 8.6EPSS: 0%CPEs: 34EXPL: 0CVE-2021-3517 – libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
https://notcve.org/view.php?id=CVE-2021-3517
19 May 2021 — There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. Se presenta un fallo en la funcion... • https://bugzilla.redhat.com/show_bug.cgi?id=1954232 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2021-3518 – libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c
https://notcve.org/view.php?id=CVE-2021-3518
18 May 2021 — There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. Se presenta un fallo en libxml2 en versiones anteriores a 2.9.11. Un atacante que pueda enviar un archivo diseñado para que sea procesado por una aplicación vinculada con libxml2 podría desencadenar un uso de la memoria previamente ... • http://seclists.org/fulldisclosure/2021/Jul/54 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2021-3537 – libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
https://notcve.org/view.php?id=CVE-2021-3537
14 May 2021 — A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. Una vulnerabilidad encontrada en libxml2 en versiones anteriores a 2.9.11 muestra que no propagó errores al analizar el contenido mixto XML, causando una des... • https://bugzilla.redhat.com/show_bug.cgi?id=1956522 • CWE-476: NULL Pointer Dereference •
CVSS: 3.3EPSS: 0%CPEs: 33EXPL: 0CVE-2020-8590
https://notcve.org/view.php?id=CVE-2020-8590
08 Feb 2021 — Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true. Clustered Data ONTAP versiones anteriores a 9.1P18 y 9.3P12, son susceptibles a una vulnerabilidad que podría permitir a un atacante detectar nombres de nodo por medio de paquetes de AutoSupport inclusive cuando el parámetro –remove-private-data es establecido en verdadero • https://security.netapp.com/advisory/NTAP-20210208-0003 •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2020-8578
https://notcve.org/view.php?id=CVE-2020-8578
08 Feb 2021 — Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true. Clustered Data ONTAP versiones anteriores a 9.3P20, son susceptibles a una vulnerabilidad que podría permitir a un atacante detectar nombres de nodo por medio de paquetes de AutoSupport inclusive cuando el parámetro –remove-private-data se establece en true • https://security.netapp.com/advisory/NTAP-20210208-0002 •
CVSS: 3.5EPSS: 0%CPEs: 19EXPL: 0CVE-2020-8589
https://notcve.org/view.php?id=CVE-2020-8589
03 Feb 2021 — Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs. Clustered Data ONTAP versiones anteriores a 9.3P20 y 9.5P15, son susceptibles a una vulnerabilidad que podría permitir a usuarios arrendatarios no autorizados detectar los nombres de otras Storage Virtual Machines (SVMs) y los nombres de archivo en esas SVM • https://security.netapp.com/advisory/ntap-20210201-0002 •