Vulnerabilities > Netapp > Ontap Select Deploy Administration Utility
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-09 | CVE-2019-19645 | Uncontrolled Recursion vulnerability in multiple products alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. | 2.1 |
| 2019-12-05 | CVE-2019-19317 | Incorrect Conversion between Numeric Types vulnerability in multiple products lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. | 7.5 |
| 2019-11-21 | CVE-2019-5509 | Code Injection vulnerability in Netapp Ontap Select Deploy Administration Utility ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account. | 7.5 |
| 2019-11-21 | CVE-2019-17272 | Improper Input Validation vulnerability in Netapp Ontap Select Deploy Administration Utility All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges. | 6.5 |
| 2019-10-21 | CVE-2019-17498 | Integer Overflow or Wraparound vulnerability in multiple products In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. | 8.1 |
| 2019-09-24 | CVE-2019-5505 | Insufficiently Protected Credentials vulnerability in Netapp Ontap Select Deploy Administration Utility ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext. | 5.0 |
| 2019-09-24 | CVE-2019-5504 | Improper Input Validation vulnerability in Netapp Ontap Select Deploy Administration Utility 2.12/2.12.1 ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions. | 7.5 |
| 2019-09-09 | CVE-2019-16168 | Divide By Zero vulnerability in multiple products In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." | 6.5 |
| 2019-07-16 | CVE-2019-13115 | Integer Overflow or Wraparound vulnerability in multiple products In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. | 8.1 |
| 2019-07-01 | CVE-2019-13118 | Type Confusion vulnerability in multiple products In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. | 5.3 |