Filtered by vendor Netapp Subscriptions
Filtered by product Ontap Tools Subscriptions
Total 8 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-6387 9 Amazon, Canonical, Debian and 6 more 24 Linux 2023, Ubuntu Linux, Debian Linux and 21 more 2024-11-24 8.1 High
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CVE-2024-0565 3 Linux, Netapp, Redhat 6 Linux Kernel, Ontap Tools, Enterprise Linux and 3 more 2024-11-21 6.8 Medium
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
CVE-2023-36054 4 Debian, Mit, Netapp and 1 more 8 Debian Linux, Kerberos 5, Active Iq Unified Manager and 5 more 2024-11-21 6.5 Medium
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
CVE-2023-2953 4 Apple, Netapp, Openldap and 1 more 17 Macos, Active Iq Unified Manager, Clustered Data Ontap and 14 more 2024-11-21 7.5 High
A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.
CVE-2021-44228 13 Apache, Apple, Bentley and 10 more 167 Log4j, Xcode, Synchro and 164 more 2024-11-21 10.0 Critical
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CVE-2021-3156 9 Beyondtrust, Debian, Fedoraproject and 6 more 38 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 35 more 2024-11-21 7.8 High
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVE-2021-28165 5 Eclipse, Jenkins, Netapp and 2 more 28 Jetty, Jenkins, Cloud Manager and 25 more 2024-11-21 7.5 High
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
CVE-2020-13817 5 Fujitsu, Netapp, Ntp and 2 more 41 M10-1, M10-1 Firmware, M10-4 and 38 more 2024-11-21 7.4 High
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.