Filtered by vendor Netapp
Subscribe
Filtered by product Ontap Select Deploy Administration Utility
Subscribe
Total
144 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-27749 | 4 Fedoraproject, Gnu, Netapp and 1 more | 8 Fedora, Grub2, Ontap Select Deploy Administration Utility and 5 more | 2022-05-13 | 7.2 HIGH | 6.7 MEDIUM |
A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2020-14301 | 2 Netapp, Redhat | 13 Ontap Select Deploy Administration Utility, Codeready Linux Builder, Enterprise Linux and 10 more | 2022-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command. | |||||
CVE-2020-14145 | 2 Netapp, Openbsd | 10 Active Iq Unified Manager, Aff A700s, Aff A700s Firmware and 7 more | 2022-04-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected. | |||||
CVE-2021-3559 | 2 Netapp, Redhat | 2 Ontap Select Deploy Administration Utility, Libvirt | 2022-04-26 | 4.0 MEDIUM | 6.5 MEDIUM |
A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability. | |||||
CVE-2020-35448 | 2 Gnu, Netapp | 2 Binutils, Ontap Select Deploy Administration Utility | 2022-04-26 | 4.3 MEDIUM | 3.3 LOW |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. | |||||
CVE-2021-20225 | 4 Fedoraproject, Gnu, Netapp and 1 more | 8 Fedora, Grub2, Ontap Select Deploy Administration Utility and 5 more | 2022-04-18 | 7.2 HIGH | 6.7 MEDIUM |
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2021-20233 | 4 Fedoraproject, Gnu, Netapp and 1 more | 8 Fedora, Grub2, Ontap Select Deploy Administration Utility and 5 more | 2022-04-18 | 7.2 HIGH | 8.2 HIGH |
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2016-20012 | 2 Netapp, Openbsd | 5 Clustered Data Ontap, Hci Management Node, Ontap Select Deploy Administration Utility and 2 more | 2022-04-18 | 4.3 MEDIUM | 5.3 MEDIUM |
** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product. | |||||
CVE-2019-19646 | 5 Netapp, Oracle, Siemens and 2 more | 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more | 2022-04-15 | 7.5 HIGH | 9.8 CRITICAL |
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. | |||||
CVE-2019-19603 | 5 Apache, Netapp, Oracle and 2 more | 6 Guacamole, Cloud Backup, Ontap Select Deploy Administration Utility and 3 more | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. | |||||
CVE-2019-19317 | 4 Netapp, Oracle, Siemens and 1 more | 5 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 2 more | 2022-04-15 | 7.5 HIGH | 9.8 CRITICAL |
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. | |||||
CVE-2019-19645 | 5 Netapp, Oracle, Siemens and 2 more | 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more | 2022-04-15 | 2.1 LOW | 5.5 MEDIUM |
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. | |||||
CVE-2020-11656 | 5 Netapp, Oracle, Siemens and 2 more | 12 Ontap Select Deploy Administration Utility, Communications Messaging Server, Communications Network Charging And Control and 9 more | 2022-04-08 | 7.5 HIGH | 9.8 CRITICAL |
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | |||||
CVE-2020-11655 | 7 Canonical, Debian, Netapp and 4 more | 18 Ubuntu Linux, Debian Linux, Ontap Select Deploy Administration Utility and 15 more | 2022-04-08 | 5.0 MEDIUM | 7.5 HIGH |
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. | |||||
CVE-2019-13115 | 5 Debian, F5, Fedoraproject and 2 more | 7 Debian Linux, Traffix Systems Signaling Delivery Controller, Fedora and 4 more | 2022-04-05 | 5.8 MEDIUM | 8.1 HIGH |
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855. | |||||
CVE-2020-16590 | 2 Gnu, Netapp | 2 Binutils, Ontap Select Deploy Administration Utility | 2022-03-23 | 4.3 MEDIUM | 5.5 MEDIUM |
A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. | |||||
CVE-2020-16599 | 2 Gnu, Netapp | 5 Binutils, Cloud Backup, Hci Management Node and 2 more | 2022-03-23 | 4.3 MEDIUM | 5.5 MEDIUM |
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. | |||||
CVE-2020-16591 | 2 Gnu, Netapp | 2 Binutils, Ontap Select Deploy Administration Utility | 2022-03-23 | 4.3 MEDIUM | 5.5 MEDIUM |
A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. | |||||
CVE-2021-23336 | 6 Debian, Djangoproject, Fedoraproject and 3 more | 12 Debian Linux, Django, Fedora and 9 more | 2022-03-04 | 4.0 MEDIUM | 5.9 MEDIUM |
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. | |||||
CVE-2021-3541 | 4 Netapp, Oracle, Redhat and 1 more | 27 Active Iq Unified Manager, Cloud Backup, Clustered Data Ontap and 24 more | 2022-03-01 | 4.0 MEDIUM | 6.5 MEDIUM |
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. |