Latest NetApp ONTAP Select Deploy administration utility Vulnerabilities

[Security Advisory] open-vm-tools: SAML token signature bypass vulnerability (CVE-2023-20900)
debian/open-vm-tools<=2:12.2.5-1, <=2:12.2.0-1, <=2:11.2.5-2
IBM QRadar SIEM<=7.5 - 7.5.0 UP7
VMware Tools>=10.3.0<12.3.0
Microsoft Windows
VMware Tools>=10.3.0<10.3.26
Linux Linux kernel
and 28 more
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c.
GNU Binutils<2.40
NetApp ONTAP Select Deploy administration utility
Fedoraproject Fedora=38
Fedoraproject Fedora=39
ubuntu/binutils<2.34-6ubuntu1.9
ubuntu/binutils<2.38-4ubuntu2.6
and 2 more
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted...
GNU Binutils<2.40
Fedoraproject Fedora=37
Fedoraproject Fedora=38
NetApp ONTAP Select Deploy administration utility
AES-SIV implementation ignores empty associated data entries
OpenSSL OpenSSL>=3.0.0<=3.0.9
OpenSSL OpenSSL>=3.1.0<=3.1.1
Netapp Management Services For Element Software And Netapp Hci
NetApp ONTAP Select Deploy administration utility
ubuntu/openssl<3.0.2-0ubuntu1.12
ubuntu/openssl<3.0.8-1ubuntu1.4
and 1 more
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
Es Iperf3<3.14
Linux Linux kernel
Debian Debian Linux=10.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
Apple macOS Ventura<13.6.1
and 15 more
Python could allow a remote attacker to bypass security restrictions, caused by a flaw in the urllib.parse component. By sending a specially-crafted request using URL starts with blank characters, an ...
IBM QRadar SIEM<=7.5 - 7.5.0 UP7
redhat/python<3.11
ubuntu/python2.7<2.7.6-8ubuntu0.6+
ubuntu/python2.7<2.7.12-1ubuntu0~16.04.18+
ubuntu/python3.10<3.10.6-1~22.04.2ubuntu1.1
ubuntu/python3.10<3.10.7-1ubuntu0.4
and 23 more
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote at...
Openssh Openssh=9.1
Fedoraproject Fedora=37
Fedoraproject Fedora=38
NetApp ONTAP Select Deploy administration utility
Netapp A250 Firmware
Netapp A250
and 11 more
GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing side-channel flaw in the handling of RSA ClientKeyExchange messages. By recovering the secret from the ClientKe...
redhat/gnutls<0:3.6.16-6.el8_7
redhat/gnutls<0:3.6.16-5.el8_6.1
redhat/gnutls<0:3.7.6-18.el9_1
redhat/gnutls<0:3.7.6-18.el9_0
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF004
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF020
and 11 more
Use After Free in GitHub repository vim/vim prior to 9.0.0882.
Vim Vim<9.0.0882
NetApp ONTAP Select Deploy administration utility
ubuntu/vim<2:8.0.1453-1ubuntu1.13+
ubuntu/vim<2:8.1.2269-1ubuntu5.18
ubuntu/vim<2:8.2.3995-1ubuntu2.12
ubuntu/vim<9.0.0882
and 1 more
A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA (RFC 3490) decoder, such that a crafted unreasonably long name being presented to the decoder ...
redhat/python3<0:3.6.8-48.el8_7.1
redhat/python3.9<0:3.9.14-1.el9_1.2
IBM Cloud Pak for Security<=1.10.0.0 - 1.10.11.0
IBM QRadar Suite Software<=1.10.12.0 - 1.10.16.0
redhat/python<3.11.1
redhat/python<3.10.9
and 51 more
A flaw was found in libxml2. Parsing a XML document with the XML_PARSE_HUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEnt...
redhat/libxml2<0:2.9.7-15.el8_7.1
redhat/libxml2<0:2.9.13-3.el9_1
Apple tvOS<16.2
Apple watchOS<9.2
Apple macOS Big Sur<11.7.2
Apple macOS Monterey<12.6.2
and 29 more
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
SQLite SQLite=3.31.1
NetApp ONTAP Select Deploy administration utility
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it t...
GNU C Library (glibc)=2.37
GNU C Library (glibc)=2.36
GNU glibc=2.36
Netapp H300s Firmware
Netapp H300s
Netapp H500s Firmware
and 18 more
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from so...
redhat/libtiff<0:4.0.9-26.el8_7
redhat/libtiff<0:4.4.0-5.el9_1
Libtiff Libtiff<=4.4.0
NetApp ONTAP Select Deploy administration utility
Debian Debian Linux=11.0
debian/tiff<=4.1.0+git191117-2~deb10u4, <=4.1.0+git191117-2~deb10u8
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root u...
VMware Tools>=10.0.0<12.1.0
Microsoft Windows
VMware Tools>=10.0.0<10.3.25
VMware Tools>=11.0.0<12.1.0
Linux Linux kernel
Debian Debian Linux=10.0
and 9 more
A security vulnerability was found in zlib. The flaw triggered a heap-based buffer in inflate in the inflate.c function via a large gzip header extra field. This flaw is only applicable in the call in...
redhat/zlib<0:1.2.7-21.el7_9
redhat/zlib<0:1.2.11-19.el8_6
redhat/rsync<0:3.1.3-19.el8
redhat/zlib<0:1.2.11-32.el9_0
redhat/rsync<0:3.2.3-18.el9
debian/zlib<=1:1.2.11.dfsg-1, <=1:1.2.11.dfsg-4, <=1:1.2.11.dfsg-2+deb11u1
and 63 more
MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow
SQLite SQLite>=1.0.12<3.39.2
NetApp ONTAP Select Deploy administration utility
Microsoft Windows 10=22H2
Microsoft Windows Server 2022
Microsoft Windows 10=21H2
and 17 more
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsp...
debian/tiff<=4.1.0+git191117-2~deb10u4
Libtiff Libtiff=4.4.0
Fedoraproject Fedora=36
Netapp Active Iq Unified Manager Vmware Vsphere
NetApp ONTAP Select Deploy administration utility
Debian Debian Linux=10.0
and 1 more
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery v...
debian/gnupg2
Gnupg Gnupg<=2.3.6
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Debian Debian Linux=10.0
Debian Debian Linux=11.0
and 2 more
OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request u...
redhat/jbcs-httpd24-openssl<1:1.1.1k-13.el8
redhat/jbcs-httpd24-openssl<1:1.1.1k-13.el7
redhat/openssl<1:1.1.1k-7.el8_6
redhat/openssl<1:3.0.1-41.el9_0
redhat/jws5-tomcat-native<0:1.2.31-11.redhat_11.el7
redhat/jws5-tomcat-native<0:1.2.31-11.redhat_11.el8
and 95 more
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (i.e. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pac...
redhat/nodejs<1:16.16.0-1.el9_0
Npmjs Npm>=7.9.0<8.11.0
NetApp ONTAP Select Deploy administration utility
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source p...
Debian dpkg>=1.14.17<1.18.26
Debian dpkg>=1.19.0<1.19.8
Debian dpkg>=1.20.0<1.20.10
Debian dpkg>=1.21.0<1.21.8
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 2 more
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue i...
Pcre Pcre2<10.40
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Netapp Active Iq Unified Manager Vmware Vsphere
and 13 more
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular...
Pcre Pcre2<10.40
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Hci Management Node
and 12 more
ImageIO. A denial-of-service issue was addressed with improved validation.
Libtiff Libtiff=4.3.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
NetApp ONTAP Select Deploy administration utility
Apple iPhone OS<16.0
Apple macOS>=11.0<11.7
and 10 more
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sour...
Libtiff Libtiff=4.3.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
NetApp ONTAP Select Deploy administration utility
Debian Debian Linux=11.0
debian/tiff
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation r...
redhat/libxml2<0:2.9.7-13.el8_6.1
redhat/libxml2<0:2.9.13-1.el9_0.1
debian/libxml2<=2.9.10+dfsg-6.7, <=2.9.10+dfsg-6.7+deb11u1, <=2.9.4+dfsg1-7+deb10u3, <=2.9.13+dfsg-1, <=2.9.4+dfsg1-7
debian/libxml2
redhat/libxml2<2.9.14
Xmlsoft Libxml2<2.9.14
and 27 more
Versions of the package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() ...
Angularjs Angular>=1.7.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
NetApp ONTAP Select Deploy administration utility
A stack buffer overflow flaw was found in the main() function of Libtiff's tiffcp.c. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, ...
Libtiff Libtiff<4.4.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
and 5 more
A heap buffer overflow flaw was found in the TIFFReadRawDataStriped() function of Libtiff's tiffinfo.c. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buf...
Libtiff Libtiff<4.4.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Redhat Enterprise Linux=9.0
NetApp ONTAP Select Deploy administration utility
and 3 more
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The att...
Libtiff Libtiff=4.3.0
NetApp ONTAP Select Deploy administration utility
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no ...
redhat/libvirt<0:8.5.0-7.el9_1
Redhat Libvirt<=1.1.1
NetApp ONTAP Select Deploy administration utility
redhat/libvirt 8.0.0<8
ubuntu/libvirt<4.0.0-1ubuntu8.21
ubuntu/libvirt<6.0.0-0ubuntu8.16
and 3 more
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit...
debian/tiff
Libtiff Libtiff=4.3.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
and 1 more
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f...
debian/tiff
Libtiff Libtiff=4.3.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
and 1 more
A null source pointer passed as an argument to the memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via a crafted TIFF file.
debian/tiff
Libtiff Libtiff<=4.3.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
and 1 more
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the ...
debian/tiff
Libtiff Libtiff=4.3.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
and 1 more
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the sy...
Python Python<=3.7.12
Python Python>=3.8.0<=3.8.12
Python Python>=3.9.0<=3.9.10
Python Python>=3.10.0<=3.10.2
Python Python=3.11.0-alpha1
Python Python=3.11.0-alpha2
and 7 more
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. Wh...
Kernel Util-linux<2.37.4
NetApp ONTAP Select Deploy administration utility
A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, ...
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-11.el8
and 75 more
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
redhat/cyrus-sasl<0:2.1.23-16.el6_10
redhat/cyrus-sasl<0:2.1.26-24.el7_9
redhat/cyrus-sasl<0:2.1.27-6.el8_5
redhat/cyrus-sasl<0:2.1.27-2.el8_1
redhat/cyrus-sasl<0:2.1.27-2.el8_2
redhat/cyrus-sasl<0:2.1.27-6.el8_4
and 15 more
** DISPUTED ** A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record...
SQLite SQLite=3.35.1
SQLite SQLite=3.37.0
NetApp ONTAP Select Deploy administration utility
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. ...
debian/tiff
Libtiff Libtiff>=4.0.0<=4.3.0
Fedoraproject Fedora=35
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
and 1 more
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF fi...
debian/tiff
Libtiff Libtiff>=3.9.0<=4.3.0
Redhat Enterprise Linux=8.0
Fedoraproject Fedora=35
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 2 more
A vulnerability was reported in Libpng where the input buffer might not have the same length as the pre-defined value hardcoded in the pngimage so that the index is out of bound in the later loop. Re...
Libpng Libpng=1.6.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
NetApp ONTAP Select Deploy administration utility
debian/libpng1.6<=1.6.36-6, <=1.6.37-3, <=1.6.39-2, <=1.6.40-2
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.
debian/tiff
Libtiff Libtiff=4.3.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
NetApp ONTAP Select Deploy administration utility
Python could allow a remote attacker to obtain sensitive information, caused by a flaw when using the FTP client library in PASV (passive) mode. By using a specially-crafted FTP server, an attacker co...
redhat/python3<0:3.6.8-45.el8
redhat/rh-python38-babel<0:2.7.0-12.el7
redhat/rh-python38-python<0:3.8.11-2.el7
redhat/rh-python38-python-cryptography<0:2.8-5.el7
redhat/rh-python38-python-jinja2<0:2.10.3-6.el7
redhat/rh-python38-python-lxml<0:4.4.1-7.el7
and 19 more
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
Redhat Libvirt<2.33.0
Fedoraproject Fedora=35
NetApp ONTAP Select Deploy administration utility
ubuntu/libvirt<4.0.0-1ubuntu8.21
ubuntu/libvirt<6.0.0-0ubuntu8.16
ubuntu/libvirt<7.6.0-0ubuntu1.2
and 3 more
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by...
GNU Binutils<=2.37
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Redhat Enterprise Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 6 more
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (f...
rust/openssl-src>=300.0.0<300.0.4
OpenSSL OpenSSL<1.0.2
OpenSSL OpenSSL=1.1.0
OpenSSL OpenSSL=3.0.0
Netapp Cloud Backup
Netapp E-series Performance Analyzer
and 27 more
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input bu...
GNU glibc<2.31
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Netapp E-series Performance Analyzer
Netapp Nfs Plug-in Vmware Vaai
NetApp ONTAP Select Deploy administration utility
and 26 more

© 2024 SecAlerts Pty Ltd.