Filtered by vendor Netapp Subscriptions
Filtered by product Ontap Select Deploy Administration Utility Subscriptions
Total 157 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-14145 3 Netapp, Openbsd, Redhat 11 Active Iq Unified Manager, Aff A700s, Aff A700s Firmware and 8 more 2024-11-21 5.9 Medium
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
CVE-2020-13871 6 Debian, Fedoraproject, Netapp and 3 more 12 Debian Linux, Fedora, Cloud Backup and 9 more 2024-11-21 7.5 High
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
CVE-2020-11656 5 Netapp, Oracle, Siemens and 2 more 12 Ontap Select Deploy Administration Utility, Communications Messaging Server, Communications Network Charging And Control and 9 more 2024-11-21 9.8 Critical
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CVE-2020-11655 7 Canonical, Debian, Netapp and 4 more 18 Ubuntu Linux, Debian Linux, Ontap Select Deploy Administration Utility and 15 more 2024-11-21 7.5 High
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVE-2019-9169 5 Canonical, Gnu, Mcafee and 2 more 7 Ubuntu Linux, Glibc, Web Gateway and 4 more 2024-11-21 9.8 Critical
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
CVE-2019-5509 1 Netapp 1 Ontap Select Deploy Administration Utility 2024-11-21 9.8 Critical
ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account.
CVE-2019-5505 1 Netapp 1 Ontap Select Deploy Administration Utility 2024-11-21 9.8 Critical
ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext.
CVE-2019-5504 1 Netapp 1 Ontap Select Deploy Administration Utility 2024-11-21 9.8 Critical
ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions.
CVE-2019-3863 5 Debian, Libssh2, Netapp and 2 more 15 Debian Linux, Libssh2, Ontap Select Deploy Administration Utility and 12 more 2024-11-21 N/A
A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.
CVE-2019-3862 6 Debian, Fedoraproject, Libssh2 and 3 more 7 Debian Linux, Fedora, Libssh2 and 4 more 2024-11-21 N/A
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
CVE-2019-3861 5 Debian, Libssh2, Netapp and 2 more 6 Debian Linux, Libssh2, Ontap Select Deploy Administration Utility and 3 more 2024-11-21 N/A
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
CVE-2019-3860 4 Debian, Libssh2, Netapp and 1 more 4 Debian Linux, Libssh2, Ontap Select Deploy Administration Utility and 1 more 2024-11-21 N/A
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
CVE-2019-3859 5 Debian, Fedoraproject, Libssh2 and 2 more 5 Debian Linux, Fedora, Libssh2 and 2 more 2024-11-21 N/A
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
CVE-2019-3858 6 Debian, Fedoraproject, Libssh2 and 3 more 7 Debian Linux, Fedora, Libssh2 and 4 more 2024-11-21 N/A
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
CVE-2019-3857 7 Debian, Fedoraproject, Libssh2 and 4 more 17 Debian Linux, Fedora, Libssh2 and 14 more 2024-11-21 8.8 High
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
CVE-2019-3856 7 Debian, Fedoraproject, Libssh2 and 4 more 17 Debian Linux, Fedora, Libssh2 and 14 more 2024-11-21 8.8 High
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
CVE-2019-3855 8 Apple, Debian, Fedoraproject and 5 more 18 Xcode, Debian Linux, Fedora and 15 more 2024-11-21 8.8 High
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
CVE-2019-25013 6 Broadcom, Debian, Fedoraproject and 3 more 12 Fabric Operating System, Debian Linux, Fedora and 9 more 2024-11-21 5.9 Medium
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
CVE-2019-20388 7 Debian, Fedoraproject, Netapp and 4 more 34 Debian Linux, Fedora, Cloud Backup and 31 more 2024-11-21 7.5 High
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
CVE-2019-1559 13 Canonical, Debian, F5 and 10 more 91 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 88 more 2024-11-21 5.9 Medium
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).