Filtered by vendor Netapp
Subscribe
Filtered by product Ontap Select Deploy Administration Utility
Subscribe
Total
144 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-3695 | 4 Fedoraproject, Gnu, Netapp and 1 more | 14 Fedora, Grub, Ontap Select Deploy Administration Utility and 11 more | 2022-10-28 | 4.4 MEDIUM | 4.5 MEDIUM |
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. | |||||
CVE-2019-17498 | 5 Debian, Fedoraproject, Libssh2 and 2 more | 11 Debian Linux, Fedora, Libssh2 and 8 more | 2022-10-27 | 5.8 MEDIUM | 8.1 HIGH |
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. | |||||
CVE-2022-0897 | 2 Netapp, Redhat | 2 Ontap Select Deploy Administration Utility, Libvirt | 2022-10-27 | 4.0 MEDIUM | 4.3 MEDIUM |
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). | |||||
CVE-2022-29244 | 2 Netapp, Npmjs | 2 Ontap Select Deploy Administration Utility, Npm | 2022-10-27 | 5.0 MEDIUM | 7.5 HIGH |
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include. Users should upgrade to the latest, patched version of npm v8.11.0, run: npm i -g npm@latest . Node.js versions v16.15.1, v17.19.1, and v18.3.0 include the patched v8.11.0 version of npm. | |||||
CVE-2021-3733 | 4 Fedoraproject, Netapp, Python and 1 more | 20 Extra Packages For Enterprise Linux, Fedora, Hci Compute Node Firmware and 17 more | 2022-10-26 | 4.0 MEDIUM | 6.5 MEDIUM |
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. | |||||
CVE-2021-3426 | 6 Debian, Fedoraproject, Netapp and 3 more | 10 Debian Linux, Fedora, Cloud Backup and 7 more | 2022-10-25 | 2.7 LOW | 5.7 MEDIUM |
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. | |||||
CVE-2020-27779 | 4 Fedoraproject, Gnu, Netapp and 1 more | 8 Fedora, Grub2, Ontap Select Deploy Administration Utility and 5 more | 2022-10-21 | 6.9 MEDIUM | 7.5 HIGH |
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2020-27618 | 3 Gnu, Netapp, Oracle | 23 Glibc, 500f, 500f Firmware and 20 more | 2022-10-17 | 2.1 LOW | 5.5 MEDIUM |
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. | |||||
CVE-2021-3631 | 2 Netapp, Redhat | 4 Ontap Select Deploy Administration Utility, Enterprise Linux, Libvirt and 1 more | 2022-10-16 | 3.3 LOW | 6.3 MEDIUM |
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. | |||||
CVE-2020-16593 | 2 Gnu, Netapp | 4 Binutils, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more | 2022-10-12 | 4.3 MEDIUM | 5.5 MEDIUM |
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. | |||||
CVE-2021-3517 | 6 Debian, Fedoraproject, Netapp and 3 more | 29 Debian Linux, Fedora, Active Iq Unified Manager and 26 more | 2022-10-04 | 7.5 HIGH | 8.6 HIGH |
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. | |||||
CVE-2021-3518 | 6 Debian, Fedoraproject, Netapp and 3 more | 19 Debian Linux, Fedora, Active Iq Unified Manager and 16 more | 2022-10-04 | 6.8 MEDIUM | 8.8 HIGH |
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. | |||||
CVE-2020-16592 | 3 Fedoraproject, Gnu, Netapp | 3 Fedora, Binutils, Ontap Select Deploy Administration Utility | 2022-09-30 | 4.3 MEDIUM | 5.5 MEDIUM |
A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file. | |||||
CVE-2021-4147 | 3 Fedoraproject, Netapp, Redhat | 3 Fedora, Ontap Select Deploy Administration Utility, Libvirt | 2022-09-29 | 4.9 MEDIUM | 6.5 MEDIUM |
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. | |||||
CVE-2021-3530 | 2 Gnu, Netapp | 2 Binutils, Ontap Select Deploy Administration Utility | 2022-09-28 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash. | |||||
CVE-2021-45078 | 5 Debian, Fedoraproject, Gnu and 2 more | 5 Debian Linux, Fedora, Binutils and 2 more | 2022-09-28 | 6.8 MEDIUM | 7.8 HIGH |
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. | |||||
CVE-2020-36332 | 4 Debian, Netapp, Redhat and 1 more | 4 Debian Linux, Ontap Select Deploy Administration Utility, Enterprise Linux and 1 more | 2022-09-20 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. | |||||
CVE-2021-23017 | 5 F5, Fedoraproject, Netapp and 2 more | 13 Nginx, Fedora, Ontap Select Deploy Administration Utility and 10 more | 2022-09-14 | 6.8 MEDIUM | 7.7 HIGH |
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. | |||||
CVE-2021-25217 | 5 Debian, Fedoraproject, Isc and 2 more | 25 Debian Linux, Fedora, Dhcp and 22 more | 2022-09-13 | 3.3 LOW | 7.4 HIGH |
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. | |||||
CVE-2022-34903 | 4 Debian, Fedoraproject, Gnupg and 1 more | 5 Debian Linux, Fedora, Gnupg and 2 more | 2022-09-09 | 5.8 MEDIUM | 6.5 MEDIUM |
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. |