Vulnerabilities > Netapp > Storagegrid > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-10 | CVE-2022-23238 | Unspecified vulnerability in Netapp Storagegrid 11.6.0 Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content. | 6.5 |
2022-03-04 | CVE-2022-23232 | Unspecified vulnerability in Netapp Storagegrid StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. | 4.9 |
2021-12-23 | CVE-2021-27006 | Unspecified vulnerability in Netapp Storagegrid StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager. | 4.4 |
2021-07-15 | CVE-2021-34558 | Improper Certificate Validation vulnerability in multiple products The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. | 6.5 |
2021-03-25 | CVE-2021-3449 | NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. | 5.9 |
2021-01-26 | CVE-2021-3114 | Incorrect Calculation vulnerability in multiple products In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. | 6.5 |
2020-07-15 | CVE-2020-14556 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). | 4.8 |
2020-04-15 | CVE-2020-2830 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). | 5.3 |
2020-04-15 | CVE-2020-2800 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). | 4.8 |
2020-04-15 | CVE-2020-2781 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). | 5.3 |