Filtered by vendor Netapp
Subscribe
Filtered by product Ontap Select Deploy Administration Utility
Subscribe
Total
144 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45346 | 2 Netapp, Sqlite | 2 Ontap Select Deploy Administration Utility, Sqlite | 2024-04-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| ** DISPUTED ** A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect. | |||||
| CVE-2021-37600 | 2 Kernel, Netapp | 2 Util-linux, Ontap Select Deploy Administration Utility | 2024-04-11 | 1.2 LOW | 5.5 MEDIUM |
| ** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments. | |||||
| CVE-2016-20012 | 2 Netapp, Openbsd | 5 Clustered Data Ontap, Hci Management Node, Ontap Select Deploy Administration Utility and 2 more | 2024-04-11 | 4.3 MEDIUM | 5.3 MEDIUM |
| ** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product. | |||||
| CVE-2022-0897 | 2 Netapp, Redhat | 2 Ontap Select Deploy Administration Utility, Libvirt | 2024-04-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). | |||||
| CVE-2021-3667 | 2 Netapp, Redhat | 3 Ontap Select Deploy Administration Utility, Enterprise Linux, Libvirt | 2024-04-01 | 3.5 LOW | 6.5 MEDIUM |
| An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-3631 | 2 Netapp, Redhat | 4 Ontap Select Deploy Administration Utility, Enterprise Linux, Libvirt and 1 more | 2024-04-01 | 3.3 LOW | 6.3 MEDIUM |
| A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. | |||||
| CVE-2021-3520 | 4 Lz4 Project, Netapp, Oracle and 1 more | 6 Lz4, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 3 more | 2024-03-27 | 7.5 HIGH | 9.8 CRITICAL |
| There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well. | |||||
| CVE-2022-35737 | 3 Netapp, Splunk, Sqlite | 3 Ontap Select Deploy Administration Utility, Universal Forwarder, Sqlite | 2024-03-27 | N/A | 7.5 HIGH |
| SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. | |||||
| CVE-2020-14155 | 6 Apple, Gitlab, Netapp and 3 more | 20 Macos, Gitlab, Active Iq Unified Manager and 17 more | 2024-03-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | |||||
| CVE-2023-25136 | 3 Fedoraproject, Netapp, Openbsd | 9 Fedora, 500f, 500f Firmware and 6 more | 2024-02-27 | N/A | 6.5 MEDIUM |
| OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." | |||||
| CVE-2023-24329 | 3 Fedoraproject, Netapp, Python | 6 Fedora, Active Iq Unified Manager, Management Services For Element Software and 3 more | 2024-02-04 | N/A | 7.5 HIGH |
| An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | |||||
| CVE-2023-0361 | 5 Debian, Fedoraproject, Gnu and 2 more | 7 Debian Linux, Fedora, Gnutls and 4 more | 2024-02-04 | N/A | 7.4 HIGH |
| A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. | |||||
| CVE-2022-4292 | 2 Netapp, Vim | 2 Ontap Select Deploy Administration Utility, Vim | 2024-02-04 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.0882. | |||||
| CVE-2021-4214 | 3 Debian, Libpng, Netapp | 3 Debian Linux, Libpng, Ontap Select Deploy Administration Utility | 2024-02-04 | N/A | 5.5 MEDIUM |
| A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. | |||||
| CVE-2022-1354 | 5 Debian, Fedoraproject, Libtiff and 2 more | 5 Debian Linux, Fedora, Libtiff and 2 more | 2024-02-04 | N/A | 5.5 MEDIUM |
| A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. | |||||
| CVE-2022-31676 | 6 Debian, Fedoraproject, Linux and 3 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2024-02-04 | N/A | 7.8 HIGH |
| VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. | |||||
| CVE-2022-34903 | 4 Debian, Fedoraproject, Gnupg and 1 more | 5 Debian Linux, Fedora, Gnupg and 2 more | 2024-02-04 | 5.8 MEDIUM | 6.5 MEDIUM |
| GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | |||||
| CVE-2022-2953 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Ontap Select Deploy Administration Utility | 2024-02-04 | N/A | 5.5 MEDIUM |
| LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8. | |||||
| CVE-2021-3999 | 3 Debian, Gnu, Netapp | 15 Debian Linux, Glibc, E-series Performance Analyzer and 12 more | 2024-02-04 | N/A | 7.8 HIGH |
| A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. | |||||
| CVE-2022-45061 | 3 Fedoraproject, Netapp, Python | 10 Fedora, Active Iq Unified Manager, Bootstrap Os and 7 more | 2024-02-04 | N/A | 7.5 HIGH |
| An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. | |||||