Vulnerabilities > Netapp > Storagegrid > High

DATE CVE VULNERABILITY TITLE RISK
2021-01-26 CVE-2021-3115 Uncontrolled Search Path Element vulnerability in multiple products
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
network
high complexity
golang fedoraproject netapp CWE-427
7.5
2020-04-15 CVE-2020-2816 Vulnerability in the Java SE product of Oracle Java SE (component: JSSE).
network
low complexity
oracle netapp canonical debian opensuse
7.5
2020-04-15 CVE-2020-2805 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). 8.3
2020-04-15 CVE-2020-2803 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). 8.3
2020-03-13 CVE-2020-8571 Unspecified vulnerability in Netapp Storagegrid
StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS).
network
low complexity
netapp
7.5
2018-04-19 CVE-2018-2826 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries).
network
high complexity
oracle canonical netapp
8.3
2018-04-19 CVE-2018-2825 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries).
network
high complexity
oracle canonical netapp
8.3
2018-03-26 CVE-2018-1303 Out-of-bounds Read vulnerability in multiple products
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory.
network
low complexity
apache debian canonical netapp CWE-125
7.5
2018-03-26 CVE-2017-15715 Improper Input Validation vulnerability in multiple products
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename.
network
high complexity
apache debian canonical netapp redhat CWE-20
8.1
2018-03-26 CVE-2017-15710 Out-of-bounds Write vulnerability in multiple products
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials.
network
low complexity
apache debian canonical netapp redhat CWE-787
7.5