Vulnerabilities > Netapp > Ontap Select Deploy Administration Utility

DATE CVE VULNERABILITY TITLE RISK
2021-03-03 CVE-2021-20225 Out-of-bounds Write vulnerability in multiple products
A flaw was found in grub2 in versions prior to 2.06.
local
low complexity
gnu redhat fedoraproject netapp CWE-787
6.7
2021-03-03 CVE-2020-27779 A flaw was found in grub2 in versions prior to 2.06.
local
high complexity
gnu redhat fedoraproject netapp
7.5
2021-03-03 CVE-2020-27749 Stack-based Buffer Overflow vulnerability in multiple products
A flaw was found in grub2 in versions prior to 2.06.
local
low complexity
gnu redhat fedoraproject netapp CWE-121
6.7
2021-03-03 CVE-2020-25647 Out-of-bounds Write vulnerability in multiple products
A flaw was found in grub2 in versions prior to 2.06.
7.6
2021-03-03 CVE-2020-25632 Use After Free vulnerability in multiple products
A flaw was found in grub2 in versions prior to 2.06.
local
low complexity
gnu redhat fedoraproject netapp CWE-416
8.2
2021-03-03 CVE-2020-14372 Incomplete Blacklist vulnerability in multiple products
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled.
local
high complexity
gnu redhat fedoraproject netapp CWE-184
7.5
2021-02-26 CVE-2020-27618 Infinite Loop vulnerability in multiple products
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
local
low complexity
gnu netapp oracle debian CWE-835
5.5
2021-02-15 CVE-2021-23336 HTTP Request Smuggling vulnerability in multiple products
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking.
5.9
2021-01-27 CVE-2021-3326 Reachable Assertion vulnerability in multiple products
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
network
low complexity
gnu netapp oracle fujitsu debian CWE-617
7.5
2021-01-26 CVE-2021-3156 Off-by-one Error vulnerability in multiple products
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
7.8