Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product Ontap Select Deploy Administration Utility
Total 114 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-20284 2 Gnu, Netapp 3 Binutils, Cloud Backup, Ontap Select Deploy Administration Utility 2022-09-30 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.
CVE-2021-20197 4 Broadcom, Gnu, Netapp and 1 more 6 Brocade Fabric Operating System Firmware, Binutils, Cloud Backup and 3 more 2022-09-30 3.3 LOW 6.3 MEDIUM
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
CVE-2021-4147 3 Fedoraproject, Netapp, Redhat 3 Fedora, Ontap Select Deploy Administration Utility, Libvirt 2022-09-30 4.9 MEDIUM 6.5 MEDIUM
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
CVE-2021-3530 2 Gnu, Netapp 2 Binutils, Ontap Select Deploy Administration Utility 2022-09-28 5.0 MEDIUM 7.5 HIGH
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.
CVE-2021-35942 2 Gnu, Netapp 6 Glibc, Active Iq Unified Manager, E-series Santricity Os Controller and 3 more 2022-09-28 6.4 MEDIUM 9.1 CRITICAL
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
CVE-2021-45078 5 Debian, Fedoraproject, Gnu and 2 more 5 Debian Linux, Fedora, Binutils and 2 more 2022-09-28 6.8 MEDIUM 7.8 HIGH
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
CVE-2020-36332 4 Debian, Netapp, Redhat and 1 more 4 Debian Linux, Ontap Select Deploy Administration Utility, Enterprise Linux and 1 more 2022-09-20 5.0 MEDIUM 7.5 HIGH
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
CVE-2018-25032 7 Apple, Debian, Fedoraproject and 4 more 23 Mac Os X, Macos, Debian Linux and 20 more 2022-09-16 5.0 MEDIUM 7.5 HIGH
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVE-2021-23017 5 F5, Fedoraproject, Netapp and 2 more 13 Nginx, Fedora, Ontap Select Deploy Administration Utility and 10 more 2022-09-14 6.8 MEDIUM 7.7 HIGH
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2021-25217 5 Debian, Fedoraproject, Isc and 2 more 25 Debian Linux, Fedora, Dhcp and 22 more 2022-09-13 3.3 LOW 7.4 HIGH
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.
CVE-2022-34903 4 Debian, Fedoraproject, Gnupg and 1 more 5 Debian Linux, Fedora, Gnupg and 2 more 2022-09-09 5.8 MEDIUM 6.5 MEDIUM
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
CVE-2022-0897 2 Netapp, Redhat 2 Ontap Select Deploy Administration Utility, Libvirt 2022-09-09 4.0 MEDIUM 4.3 MEDIUM
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).
CVE-2021-3326 4 Fujitsu, Gnu, Netapp and 1 more 16 M10-1, M10-1 Firmware, M10-4 and 13 more 2022-09-03 5.0 MEDIUM 7.5 HIGH
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVE-2021-3520 3 Lz4 Project, Netapp, Oracle 5 Lz4, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 2 more 2022-09-03 7.5 HIGH 9.8 CRITICAL
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
CVE-2022-26488 3 Microsoft, Netapp, Python 4 Windows, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 1 more 2022-09-03 4.4 MEDIUM 7.0 HIGH
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.
CVE-2019-25013 4 Broadcom, Fedoraproject, Gnu and 1 more 9 Fabric Operating System, Fedora, Glibc and 6 more 2022-09-02 7.1 HIGH 5.9 MEDIUM
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
CVE-2020-35496 4 Broadcom, Fedoraproject, Gnu and 1 more 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more 2022-09-02 4.3 MEDIUM 5.5 MEDIUM
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
CVE-2020-35494 4 Broadcom, Fedoraproject, Gnu and 1 more 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more 2022-09-02 5.8 MEDIUM 6.1 MEDIUM
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.
CVE-2020-35495 4 Broadcom, Fedoraproject, Gnu and 1 more 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more 2022-09-02 4.3 MEDIUM 5.5 MEDIUM
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
CVE-2020-35493 4 Broadcom, Fedoraproject, Gnu and 1 more 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more 2022-09-02 4.3 MEDIUM 5.5 MEDIUM
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.