Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product Ontap Select Deploy Administration Utility
Total 157 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-2975 2 Netapp, Openssl 3 Management Services For Element Software And Netapp Hci, Ontap Select Deploy Administration Utility, Openssl 2024-10-14 N/A 5.3 MEDIUM
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue.
CVE-2021-3156 8 Beyondtrust, Debian, Fedoraproject and 5 more 31 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 28 more 2024-09-19 7.2 HIGH 7.8 HIGH
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVE-2024-6387 9 Amazon, Canonical, Debian and 6 more 20 Linux 2023, Ubuntu Linux, Debian Linux and 17 more 2024-09-14 N/A 8.1 HIGH
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CVE-2016-20012 2 Netapp, Openbsd 5 Clustered Data Ontap, Hci Management Node, Ontap Select Deploy Administration Utility and 2 more 2024-08-06 4.3 MEDIUM 5.3 MEDIUM
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product
CVE-2021-45346 2 Netapp, Sqlite 2 Ontap Select Deploy Administration Utility, Sqlite 2024-08-04 4.0 MEDIUM 4.3 MEDIUM
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.
CVE-2021-37600 2 Kernel, Netapp 2 Util-linux, Ontap Select Deploy Administration Utility 2024-08-04 1.2 LOW 5.5 MEDIUM
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
CVE-2016-5195 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2024-07-24 7.2 HIGH 7.0 HIGH
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
CVE-2021-3449 12 Checkpoint, Debian, Fedoraproject and 9 more 167 Multi-domain Management, Multi-domain Management Firmware, Quantum Security Gateway and 164 more 2024-06-21 4.3 MEDIUM 5.9 MEDIUM
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
CVE-2021-3520 4 Lz4 Project, Netapp, Oracle and 1 more 7 Lz4, Active Iq Unified Manager, Cloud Backup and 4 more 2024-06-06 7.5 HIGH 9.8 CRITICAL
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
CVE-2022-0897 2 Netapp, Redhat 2 Ontap Select Deploy Administration Utility, Libvirt 2024-04-01 4.0 MEDIUM 4.3 MEDIUM
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).
CVE-2021-4147 3 Fedoraproject, Netapp, Redhat 3 Fedora, Ontap Select Deploy Administration Utility, Libvirt 2024-04-01 4.9 MEDIUM 6.5 MEDIUM
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
CVE-2021-3975 5 Canonical, Debian, Fedoraproject and 2 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2024-04-01 N/A 6.5 MEDIUM
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.
CVE-2021-3667 2 Netapp, Redhat 3 Ontap Select Deploy Administration Utility, Enterprise Linux, Libvirt 2024-04-01 3.5 LOW 6.5 MEDIUM
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
CVE-2021-3631 2 Netapp, Redhat 4 Ontap Select Deploy Administration Utility, Enterprise Linux, Libvirt and 1 more 2024-04-01 3.3 LOW 6.3 MEDIUM
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
CVE-2022-35737 3 Netapp, Splunk, Sqlite 3 Ontap Select Deploy Administration Utility, Universal Forwarder, Sqlite 2024-03-27 N/A 7.5 HIGH
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
CVE-2020-14155 6 Apple, Gitlab, Netapp and 3 more 20 Macos, Gitlab, Active Iq Unified Manager and 17 more 2024-03-27 5.0 MEDIUM 5.3 MEDIUM
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVE-2022-48064 3 Fedoraproject, Gnu, Netapp 3 Fedora, Binutils, Ontap Select Deploy Administration Utility 2024-02-28 N/A 5.5 MEDIUM
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
CVE-2022-48065 3 Fedoraproject, Gnu, Netapp 3 Fedora, Binutils, Ontap Select Deploy Administration Utility 2024-02-28 N/A 5.5 MEDIUM
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
CVE-2023-20900 6 Debian, Fedoraproject, Linux and 3 more 7 Debian Linux, Fedora, Linux Kernel and 4 more 2024-02-28 N/A 7.5 HIGH
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
CVE-2023-38403 6 Apple, Debian, Es and 3 more 7 Macos, Debian Linux, Iperf3 and 4 more 2024-02-28 N/A 7.5 HIGH
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.