Filtered by vendor Netapp
Subscribe
Filtered by product Ontap Select Deploy Administration Utility
Subscribe
Search
Total
39 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37600 | 2 Kernel, Netapp | 2 Util-linux, Ontap Select Deploy Administration Utility | 2024-01-07 | 1.2 LOW | 5.5 MEDIUM |
| An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments. | |||||
| CVE-2022-0563 | 2 Kernel, Netapp | 2 Util-linux, Ontap Select Deploy Administration Utility | 2024-01-07 | 1.9 LOW | 5.5 MEDIUM |
| A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. | |||||
| CVE-2022-48065 | 3 Fedoraproject, Gnu, Netapp | 3 Fedora, Binutils, Ontap Select Deploy Administration Utility | 2023-11-15 | N/A | 5.5 MEDIUM |
| GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. | |||||
| CVE-2019-25013 | 5 Broadcom, Debian, Fedoraproject and 2 more | 10 Fabric Operating System, Debian Linux, Fedora and 7 more | 2023-11-09 | 7.1 HIGH | 5.9 MEDIUM |
| The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. | |||||
| CVE-2022-0907 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. | |||||
| CVE-2023-2975 | 2 Netapp, Openssl | 3 Management Services For Element Software And Netapp Hci, Ontap Select Deploy Administration Utility, Openssl | 2023-07-27 | N/A | 5.3 MEDIUM |
| Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be mislead by removing adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue. | |||||
| CVE-2020-35522 | 4 Fedoraproject, Libtiff, Netapp and 1 more | 4 Fedora, Libtiff, Ontap Select Deploy Administration Utility and 1 more | 2022-07-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. | |||||
| CVE-2020-35521 | 4 Fedoraproject, Libtiff, Netapp and 1 more | 4 Fedora, Libtiff, Ontap Select Deploy Administration Utility and 1 more | 2022-07-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. | |||||
| CVE-2022-29824 | 4 Debian, Fedoraproject, Netapp and 1 more | 13 Debian Linux, Fedora, Active Iq Unified Manager and 10 more | 2022-07-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. | |||||
| CVE-2021-3449 | 11 Checkpoint, Debian, Fedoraproject and 8 more | 163 Multi-domain Management, Multi-domain Management Firmware, Quantum Security Gateway and 160 more | 2022-07-25 | 4.3 MEDIUM | 5.9 MEDIUM |
| An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). | |||||
| CVE-2021-3537 | 6 Debian, Fedoraproject, Netapp and 3 more | 20 Debian Linux, Fedora, Active Iq Unified Manager and 17 more | 2022-07-25 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2022-1210 | 2 Libtiff, Netapp | 2 Libtiff, Ontap Select Deploy Administration Utility | 2022-07-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2021-20284 | 2 Gnu, Netapp | 3 Binutils, Cloud Backup, Ontap Select Deploy Administration Utility | 2022-07-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2022-0897 | 2 Netapp, Redhat | 2 Ontap Select Deploy Administration Utility, Libvirt | 2022-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the `driver->nwfilters` mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the `driver->nwfilters` object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt’s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). | |||||
| CVE-2021-45346 | 2 Netapp, Sqlite | 2 Ontap Select Deploy Administration Utility, Sqlite | 2022-07-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicous user obtain sensitive information.. | |||||
| CVE-2021-3733 | 4 Fedoraproject, Netapp, Python and 1 more | 20 Extra Packages For Enterprise Linux, Fedora, Hci Compute Node Firmware and 17 more | 2022-06-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. | |||||
| CVE-2021-3667 | 2 Netapp, Redhat | 3 Ontap Select Deploy Administration Utility, Enterprise Linux, Libvirt | 2022-06-04 | 3.5 LOW | 6.5 MEDIUM |
| An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-3631 | 2 Netapp, Redhat | 4 Ontap Select Deploy Administration Utility, Enterprise Linux, Libvirt and 1 more | 2022-06-04 | 3.3 LOW | 6.3 MEDIUM |
| A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. | |||||
| CVE-2021-20197 | 4 Broadcom, Gnu, Netapp and 1 more | 6 Brocade Fabric Operating System Firmware, Binutils, Cloud Backup and 3 more | 2022-06-03 | 3.3 LOW | 6.3 MEDIUM |
| There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. | |||||
| CVE-2021-31879 | 3 Broadcom, Gnu, Netapp | 8 Brocade Fabric Operating System Firmware, Wget, 500f and 5 more | 2022-05-13 | 5.8 MEDIUM | 6.1 MEDIUM |
| GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. | |||||
| CVE-2020-27749 | 4 Fedoraproject, Gnu, Netapp and 1 more | 8 Fedora, Grub2, Ontap Select Deploy Administration Utility and 5 more | 2022-05-13 | 7.2 HIGH | 6.7 MEDIUM |
| A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-14301 | 2 Netapp, Redhat | 13 Ontap Select Deploy Administration Utility, Codeready Linux Builder, Enterprise Linux and 10 more | 2022-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command. | |||||
| CVE-2022-0924 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2022-05-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. | |||||
| CVE-2022-0909 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2022-05-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. | |||||
| CVE-2022-0908 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2022-05-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. | |||||
| CVE-2020-27618 | 3 Gnu, Netapp, Oracle | 23 Glibc, 500f, 500f Firmware and 20 more | 2022-05-12 | 2.1 LOW | 5.5 MEDIUM |
| The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. | |||||
| CVE-2020-14145 | 2 Netapp, Openbsd | 10 Active Iq Unified Manager, Aff A700s, Aff A700s Firmware and 7 more | 2022-04-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected. | |||||
| CVE-2021-3559 | 2 Netapp, Redhat | 2 Ontap Select Deploy Administration Utility, Libvirt | 2022-04-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2022-22844 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Ontap Select Deploy Administration Utility | 2022-04-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. | |||||
| CVE-2016-20012 | 2 Netapp, Openbsd | 5 Clustered Data Ontap, Hci Management Node, Ontap Select Deploy Administration Utility and 2 more | 2022-02-24 | 4.3 MEDIUM | 5.3 MEDIUM |
| ** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product. | |||||
| CVE-2021-23336 | 6 Debian, Djangoproject, Fedoraproject and 3 more | 10 Debian Linux, Django, Fedora and 7 more | 2022-02-07 | 4.0 MEDIUM | 5.9 MEDIUM |
| The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. | |||||
| CVE-2020-19144 | 3 Debian, Netapp, Simplesystems | 3 Debian Linux, Ontap Select Deploy Administration Utility, Libtiff | 2021-12-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'. | |||||
| CVE-2019-16168 | 7 Canonical, Debian, Fedoraproject and 4 more | 19 Ubuntu Linux, Debian Linux, Fedora and 16 more | 2021-07-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." | |||||
| CVE-2020-35493 | 3 Fedoraproject, Gnu, Netapp | 6 Fedora, Binutils, Hci Compute Node and 3 more | 2021-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. | |||||
| CVE-2020-35495 | 3 Fedoraproject, Gnu, Netapp | 6 Fedora, Binutils, Hci Compute Node and 3 more | 2021-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. | |||||
| CVE-2020-35494 | 3 Fedoraproject, Gnu, Netapp | 6 Fedora, Binutils, Hci Compute Node and 3 more | 2021-07-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. | |||||
| CVE-2020-35507 | 3 Gnu, Netapp, Redhat | 5 Binutils, Hci Bootstrap Os, Ontap Select Deploy Administration Utility and 2 more | 2021-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. | |||||
| CVE-2020-35496 | 3 Fedoraproject, Gnu, Netapp | 6 Fedora, Binutils, Hci Compute Node and 3 more | 2021-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. | |||||
| CVE-2019-1559 | 7 Canonical, Debian, F5 and 4 more | 18 Ubuntu Linux, Debian Linux, Traffix Signaling Delivery Controller and 15 more | 2021-01-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). | |||||