Ontap Select Deploy Administration Utility

DATE	CVE	VULNERABILITY TITLE	RISK
2024-07-01	CVE-2024-6387	Race Condition vulnerability in multiple products A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). network high complexity openbsd redhat suse debian canonical amazon netapp freebsd netbsd CWE-362	8.1
2023-08-31	CVE-2023-20900	Authentication Bypass by Capture-replay vulnerability in multiple products A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . high complexity vmware fedoraproject debian netapp CWE-294	7.5
2023-08-22	CVE-2022-48064	Allocation of Resources Without Limits or Throttling vulnerability in multiple products GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. local low complexity gnu fedoraproject netapp CWE-770	5.5
2023-08-22	CVE-2022-48065	Memory Leak vulnerability in multiple products GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. local low complexity gnu netapp fedoraproject CWE-401	5.5
2023-07-17	CVE-2023-38403	Integer Overflow or Wraparound vulnerability in multiple products iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. network low complexity es debian fedoraproject netapp apple CWE-190	7.5
2023-07-14	CVE-2023-2975	Improper Authentication vulnerability in multiple products Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. network low complexity openssl netapp CWE-287	5.3
2023-02-17	CVE-2023-24329	Improper Input Validation vulnerability in multiple products An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. network low complexity python fedoraproject netapp CWE-20	7.5
2023-02-15	CVE-2023-0361	Information Exposure Through Discrepancy vulnerability in multiple products A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. network high complexity gnu redhat debian fedoraproject netapp CWE-203	7.4
2023-02-03	CVE-2023-25136	Double Free vulnerability in multiple products OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. network high complexity openbsd fedoraproject netapp CWE-415	6.5
2022-12-05	CVE-2022-4292	Use After Free vulnerability in multiple products Use After Free in GitHub repository vim/vim prior to 9.0.0882. local low complexity vim netapp CWE-416	7.8