Vulnerabilities > Netapp > Ontap Select Deploy Administration Utility
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-05 | CVE-2024-39689 | Insufficient Verification of Data Authenticity vulnerability in multiple products Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. | 7.5 |
| 2024-07-01 | CVE-2024-6387 | Race Condition vulnerability in multiple products A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). | 8.1 |
| 2024-04-17 | CVE-2024-21989 | Unspecified vulnerability in Netapp Ontap Select Deploy Administration Utility ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their privileges. | 8.8 |
| 2024-04-17 | CVE-2024-21990 | Use of Hard-coded Credentials vulnerability in Netapp Ontap Select Deploy Administration Utility ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials. | 9.8 |
| 2024-02-29 | CVE-2024-26462 | Memory Leak vulnerability in multiple products Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c. | 5.5 |
| 2023-10-03 | CVE-2023-4911 | Out-of-bounds Write vulnerability in multiple products A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. | 7.8 |
| 2023-08-31 | CVE-2023-20900 | Authentication Bypass by Capture-replay vulnerability in multiple products A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | 7.5 |
| 2023-08-22 | CVE-2022-48064 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. | 5.5 |
| 2023-08-22 | CVE-2022-48065 | Memory Leak vulnerability in multiple products GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. | 5.5 |
| 2023-07-25 | CVE-2023-37920 | Insufficient Verification of Data Authenticity vulnerability in multiple products Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. | 9.8 |