Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ontap_select_deploy_administration_utility
(Netapp)| Repositories | https://github.com/torvalds/linux |
| #Vulnerabilities | 157 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-11-09 | CVE-2022-45061 | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied... | Fedora, Active_iq_unified_manager, Bootstrap_os, E\-Series_performance_analyzer, Element_software, Hci, Management_services_for_element_software, Ontap_select_deploy_administration_utility, Python | 7.5 | ||
| 2022-11-23 | CVE-2022-40303 | An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. | Ipados, Iphone_os, Macos, Tvos, Watchos, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Netapp_manageability_sdk, Ontap_select_deploy_administration_utility, Snapmanager, Libxml2 | 7.5 | ||
| 2022-12-05 | CVE-2022-4292 | Use After Free in GitHub repository vim/vim prior to 9.0.0882. | Ontap_select_deploy_administration_utility, Vim | 7.8 | ||
| 2023-02-03 | CVE-2023-25136 | OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." | Fedora, 500f_firmware, A250_firmware, C250_firmware, Ontap_select_deploy_administration_utility, Openssh | 6.5 | ||
| 2023-02-15 | CVE-2023-0361 | A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data... | Debian_linux, Fedora, Gnutls, Active_iq_unified_manager, Converged_systems_advisor_agent, Ontap_select_deploy_administration_utility, Enterprise_linux | 7.4 | ||
| 2023-02-17 | CVE-2023-24329 | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | Fedora, Active_iq_unified_manager, Management_services_for_element_software, Management_services_for_netapp_hci, Ontap_select_deploy_administration_utility, Python | 7.5 | ||
| 2023-07-14 | CVE-2023-2975 | Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for... | Management_services_for_element_software_and_netapp_hci, Ontap_select_deploy_administration_utility, Openssl | 5.3 | ||
| 2023-07-17 | CVE-2023-38403 | iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. | Macos, Debian_linux, Iperf3, Fedora, Clustered_data_ontap, Ontap_select_deploy_administration_utility | 7.5 | ||
| 2023-08-22 | CVE-2022-48064 | GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | Fedora, Binutils, Ontap_select_deploy_administration_utility | 5.5 | ||
| 2023-08-22 | CVE-2022-48065 | GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. | Fedora, Binutils, Ontap_select_deploy_administration_utility | 5.5 |