Filtered by vendor Netapp
Subscriptions
Filtered by product Ontap Select Deploy Administration Utility
Subscriptions
Total
172 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21989 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2025-02-10 | 8.1 High |
| ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their privileges. | ||||
| CVE-2020-15999 | 7 Debian, Fedoraproject, Freetype and 4 more | 10 Debian Linux, Fedora, Freetype and 7 more | 2025-02-05 | 9.6 Critical |
| Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2023-38403 | 7 Apple, Debian, Es and 4 more | 12 Macos, Debian Linux, Iperf3 and 9 more | 2024-11-27 | 7.5 High |
| iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. | ||||
| CVE-2023-25136 | 4 Fedoraproject, Netapp, Openbsd and 1 more | 10 Fedora, 500f, 500f Firmware and 7 more | 2024-11-21 | 6.5 Medium |
| OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." | ||||
| CVE-2023-20900 | 7 Debian, Fedoraproject, Linux and 4 more | 12 Debian Linux, Fedora, Linux Kernel and 9 more | 2024-11-21 | 7.1 High |
| A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | ||||
| CVE-2022-48065 | 3 Fedoraproject, Gnu, Netapp | 3 Fedora, Binutils, Ontap Select Deploy Administration Utility | 2024-11-21 | 5.5 Medium |
| GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. | ||||
| CVE-2022-48064 | 3 Fedoraproject, Gnu, Netapp | 3 Fedora, Binutils, Ontap Select Deploy Administration Utility | 2024-11-21 | 5.5 Medium |
| GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | ||||
| CVE-2022-39046 | 2 Gnu, Netapp | 12 Glibc, H300s, H300s Firmware and 9 more | 2024-11-21 | 7.5 High |
| An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap. | ||||
| CVE-2022-35737 | 4 Netapp, Redhat, Splunk and 1 more | 5 Ontap Select Deploy Administration Utility, Enterprise Linux, Rhel Eus and 2 more | 2024-11-21 | 7.5 High |
| SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. | ||||
| CVE-2022-34903 | 5 Debian, Fedoraproject, Gnupg and 2 more | 6 Debian Linux, Fedora, Gnupg and 3 more | 2024-11-21 | 6.5 Medium |
| GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | ||||
| CVE-2022-34526 | 4 Debian, Fedoraproject, Libtiff and 1 more | 5 Debian Linux, Fedora, Libtiff and 2 more | 2024-11-21 | 6.5 Medium |
| A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities. | ||||
| CVE-2022-31676 | 7 Debian, Fedoraproject, Linux and 4 more | 9 Debian Linux, Fedora, Linux Kernel and 6 more | 2024-11-21 | 7.8 High |
| VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. | ||||
| CVE-2022-2953 | 4 Debian, Libtiff, Netapp and 1 more | 4 Debian Linux, Libtiff, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | 5.5 Medium |
| LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8. | ||||
| CVE-2022-29824 | 6 Debian, Fedoraproject, Netapp and 3 more | 26 Debian Linux, Fedora, Active Iq Unified Manager and 23 more | 2024-11-21 | 6.5 Medium |
| In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. | ||||
| CVE-2022-26488 | 3 Microsoft, Netapp, Python | 4 Windows, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | 7.0 High |
| In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. | ||||
| CVE-2022-25844 | 3 Angularjs, Fedoraproject, Netapp | 3 Angular, Fedora, Ontap Select Deploy Administration Utility | 2024-11-21 | 5.3 Medium |
| The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher. | ||||
| CVE-2022-24407 | 6 Cyrusimap, Debian, Fedoraproject and 3 more | 14 Cyrus-sasl, Debian Linux, Fedora and 11 more | 2024-11-21 | 8.8 High |
| In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. | ||||
| CVE-2022-22844 | 4 Debian, Libtiff, Netapp and 1 more | 4 Debian Linux, Libtiff, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | 5.5 Medium |
| LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. | ||||
| CVE-2022-1664 | 2 Debian, Netapp | 3 Debian Linux, Dpkg, Ontap Select Deploy Administration Utility | 2024-11-21 | 9.8 Critical |
| Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. | ||||
| CVE-2022-1623 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2024-11-21 | 5.5 Medium |
| LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. | ||||