Vulnerabilities > Netapp > Storagegrid
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-04 | CVE-2022-23233 | Unspecified vulnerability in Netapp Storagegrid StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service. | 7.5 |
2022-02-11 | CVE-2022-23772 | Integer Overflow or Wraparound vulnerability in multiple products Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. | 7.5 |
2022-02-11 | CVE-2022-23773 | Interpretation Conflict vulnerability in multiple products cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. | 7.5 |
2022-02-11 | CVE-2022-23806 | Unchecked Return Value vulnerability in multiple products Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | 9.1 |
2021-12-23 | CVE-2021-27006 | Unspecified vulnerability in Netapp Storagegrid StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager. | 4.4 |
2021-09-16 | CVE-2021-34798 | NULL Pointer Dereference vulnerability in multiple products Malformed requests may cause the server to dereference a NULL pointer. | 7.5 |
2021-09-16 | CVE-2021-36160 | Out-of-bounds Read vulnerability in multiple products A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). | 7.5 |
2021-09-16 | CVE-2021-39275 | Out-of-bounds Write vulnerability in multiple products ap_escape_quotes() may write beyond the end of a buffer when given malicious input. | 9.8 |
2021-09-16 | CVE-2021-40438 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. | 9.0 |
2021-07-15 | CVE-2021-34558 | Improper Certificate Validation vulnerability in multiple products The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. | 6.5 |