Vulnerabilities > Netapp > Ontap Select Deploy Administration Utility

DATE CVE VULNERABILITY TITLE RISK
2024-07-01 CVE-2024-6387 Race Condition vulnerability in multiple products
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd).
8.1
2023-08-31 CVE-2023-20900 Authentication Bypass by Capture-replay vulnerability in multiple products
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
7.5
2023-08-22 CVE-2022-48064 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c.
local
low complexity
gnu fedoraproject netapp CWE-770
5.5
2023-08-22 CVE-2022-48065 Memory Leak vulnerability in multiple products
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
local
low complexity
gnu netapp fedoraproject CWE-401
5.5
2023-07-17 CVE-2023-38403 Integer Overflow or Wraparound vulnerability in multiple products
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
network
low complexity
es debian fedoraproject netapp apple CWE-190
7.5
2023-07-14 CVE-2023-2975 Improper Authentication vulnerability in multiple products
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation.
network
low complexity
openssl netapp CWE-287
5.3
2023-02-17 CVE-2023-24329 Improper Input Validation vulnerability in multiple products
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
network
low complexity
python fedoraproject netapp CWE-20
7.5
2023-02-15 CVE-2023-0361 Information Exposure Through Discrepancy vulnerability in multiple products
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS.
network
high complexity
gnu redhat debian fedoraproject netapp CWE-203
7.4
2023-02-03 CVE-2023-25136 Double Free vulnerability in multiple products
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling.
network
high complexity
openbsd fedoraproject netapp CWE-415
6.5
2022-12-05 CVE-2022-4292 Use After Free in GitHub repository vim/vim prior to 9.0.0882.
local
low complexity
vim netapp
7.8