NetApp Ontap Select Deploy Administration Utility
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in NetApp Ontap Select Deploy Administration Utility.
By the Year
In 2024 there have been 1 vulnerability in NetApp Ontap Select Deploy Administration Utility with an average score of 8.1 out of ten. Last year Ontap Select Deploy Administration Utility had 8 security vulnerabilities published. Right now, Ontap Select Deploy Administration Utility is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 1.51.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 1 | 8.10 |
2023 | 8 | 6.59 |
2022 | 51 | 6.73 |
2021 | 63 | 7.37 |
2020 | 12 | 6.19 |
2019 | 26 | 8.31 |
2018 | 0 | 0.00 |
It may take a day or so for new Ontap Select Deploy Administration Utility vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent NetApp Ontap Select Deploy Administration Utility Security Vulnerabilities
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd)
CVE-2024-6387
8.1 - High
- July 01, 2024
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Race Condition
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
CVE-2023-20900
7.5 - High
- August 31, 2023
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
Authentication Bypass by Capture-replay
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability
CVE-2022-48064
5.5 - Medium
- August 22, 2023
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
Allocation of Resources Without Limits or Throttling
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
CVE-2022-48065
5.5 - Medium
- August 22, 2023
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
Memory Leak
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption
CVE-2023-38403
7.5 - High
- July 17, 2023
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
Integer Overflow or Wraparound
Issue summary: The AES-SIV cipher implementation contains a bug
CVE-2023-2975
5.3 - Medium
- July 14, 2023
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue.
authentification
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL
CVE-2023-24329
7.5 - High
- February 17, 2023
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
Improper Input Validation
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS
CVE-2023-0361
7.4 - High
- February 15, 2023
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
Side Channel Attack
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling
CVE-2023-25136
6.5 - Medium
- February 03, 2023
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
Double-free
Use After Free in GitHub repository vim/vim prior to 9.0.0882.
CVE-2022-4292
7.8 - High
- December 05, 2022
Use After Free in GitHub repository vim/vim prior to 9.0.0882.
Dangling pointer
An issue was discovered in libxml2 before 2.10.3
CVE-2022-40303
7.5 - High
- November 23, 2022
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
Integer Overflow or Wraparound
An issue was discovered in Python before 3.11.1
CVE-2022-45061
7.5 - High
- November 09, 2022
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
Inefficient Algorithmic Complexity
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views
CVE-2020-35527
9.8 - Critical
- September 01, 2022
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
Buffer Overflow
A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function
CVE-2022-1355
6.1 - Medium
- August 31, 2022
A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.
Stack Overflow
A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function
CVE-2022-1354
5.5 - Medium
- August 31, 2022
A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.
Out-of-bounds Read
An issue was discovered in the GNU C Library (glibc) 2.36
CVE-2022-39046
5.3 - Medium
- August 31, 2022
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
Insertion of Sensitive Information into Log File
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905
CVE-2022-2953
5.5 - Medium
- August 29, 2022
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.
Out-of-bounds Read
A heap overflow flaw was found in libpngs' pngimage.c program
CVE-2021-4214
5.5 - Medium
- August 24, 2022
A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.
Classic Buffer Overflow
A flaw was found in glibc
CVE-2021-3998
7.5 - High
- August 24, 2022
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
Out-of-bounds Read
A flaw was found in glibc
CVE-2021-3999
7.8 - High
- August 24, 2022
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
off-by-five
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode
CVE-2021-4189
5.3 - Medium
- August 24, 2022
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
Unchecked Return Value
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability
CVE-2022-31676
7.8 - High
- August 23, 2022
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
Improper Privilege Management
A use-after-free flaw was found in libvirt
CVE-2021-3975
6.5 - Medium
- August 23, 2022
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.
Dangling pointer
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field
CVE-2022-37434
9.8 - Critical
- August 05, 2022
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
Memory Corruption
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes
CVE-2022-35737
7.5 - High
- August 03, 2022
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
out-of-bounds array index
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0
CVE-2022-34526
6.5 - Medium
- July 29, 2022
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities.
Memory Corruption
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader
CVE-2021-3696
4.5 - Medium
- July 06, 2022
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
Memory Corruption
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area
CVE-2021-3695
4.5 - Medium
- July 06, 2022
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.
Memory Corruption
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information
CVE-2022-34903
6.5 - Medium
- July 01, 2022
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
Injection
In addition to the c_rehash shell command injection identified in CVE-2022-1292
CVE-2022-2068
9.8 - Critical
- June 21, 2022
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
Shell injection
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie
CVE-2022-29244
7.5 - High
- June 13, 2022
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include. Users should upgrade to the latest, patched version of npm v8.11.0, run: npm i -g npm@latest . Node.js versions v16.15.1, v17.19.1, and v18.3.0 include the patched v8.11.0 version of npm.
Information Disclosure
Dpkg::Source::Archive in dpkg
CVE-2022-1664
9.8 - Critical
- May 26, 2022
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
Directory traversal
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file
CVE-2022-1587
9.1 - Critical
- May 16, 2022
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
Out-of-bounds Read
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file
CVE-2022-1586
9.1 - Critical
- May 16, 2022
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
Out-of-bounds Read
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624
CVE-2022-1623
5.5 - Medium
- May 11, 2022
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
Out-of-bounds Read
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619
CVE-2022-1622
5.5 - Medium
- May 11, 2022
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
Out-of-bounds Read
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows
CVE-2022-29824
6.5 - Medium
- May 03, 2022
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
Integer Overflow or Wraparound
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule
CVE-2022-25844
7.5 - High
- May 01, 2022
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.
ReDoS
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file
CVE-2015-20107
7.6 - High
- April 13, 2022
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
Command Injection
A vulnerability classified as problematic was found in LibTIFF 4.3.0
CVE-2022-1210
6.5 - Medium
- April 03, 2022
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.
Improper Resource Shutdown or Release
A flaw was found in the libvirt nwfilter driver
CVE-2022-0897
4.3 - Medium
- March 25, 2022
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).
Improper Locking
A flaw was found in the libvirt libxl driver
CVE-2021-4147
6.5 - Medium
- March 25, 2022
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
Improper Locking
zlib before 1.2.12 allows memory corruption when deflating (i.e
CVE-2018-25032
7.5 - High
- March 25, 2022
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Memory Corruption
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file
CVE-2022-0924
5.5 - Medium
- March 11, 2022
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
Out-of-bounds Read
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file
CVE-2022-0909
5.5 - Medium
- March 11, 2022
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
Divide By Zero
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service
CVE-2022-0908
5.5 - Medium
- March 11, 2022
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
NULL Pointer Dereference
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0
CVE-2022-0907
5.5 - Medium
- March 11, 2022
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.
Unchecked Return Value
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured
CVE-2022-26488
7 - High
- March 10, 2022
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.
Untrusted Path
There's a flaw in urllib's AbstractBasicAuthHandler class
CVE-2021-3733
6.5 - Medium
- March 10, 2022
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
Resource Exhaustion
A flaw was found in python
CVE-2021-3737
7.5 - High
- March 04, 2022
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
Resource Exhaustion
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt
CVE-2021-3667
6.5 - Medium
- March 02, 2022
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
Improper Locking
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels
CVE-2021-3631
6.3 - Medium
- March 02, 2022
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
Incorrect Permission Assignment for Critical Resource
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
CVE-2022-23308
7.5 - High
- February 26, 2022
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
Dangling pointer
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28
CVE-2022-24407
8.8 - High
- February 24, 2022
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
SQL Injection
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support
CVE-2022-0563
5.5 - Medium
- February 21, 2022
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Generation of Error Message Containing Sensitive Information
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory
CVE-2021-45346
4.3 - Medium
- February 14, 2022
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.
Memory Leak
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service
CVE-2022-0562
5.5 - Medium
- February 11, 2022
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
NULL Pointer Dereference
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service
CVE-2022-0561
5.5 - Medium
- February 11, 2022
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
NULL Pointer Dereference
A flaw was found in Python, specifically within the urllib.parse module
CVE-2022-0391
7.5 - High
- February 09, 2022
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
Injection
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.
CVE-2022-22844
5.5 - Medium
- January 10, 2022
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.
Out-of-bounds Read
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37
CVE-2021-45078
7.8 - High
- December 15, 2021
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
Memory Corruption
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server
CVE-2021-4044
7.5 - High
- December 14, 2021
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).
Infinite Loop
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request)
CVE-2021-3671
6.5 - Medium
- October 12, 2021
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.
NULL Pointer Dereference
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used
CVE-2021-41617
7 - High
- September 26, 2021
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
OpenSSH through 8.7 allows remote attackers, who have a suspicion
CVE-2016-20012
5.3 - Medium
- September 15, 2021
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product
vim is vulnerable to Use After Free
CVE-2021-3796
7.3 - High
- September 15, 2021
vim is vulnerable to Use After Free
Dangling pointer
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3778
7.8 - High
- September 15, 2021
vim is vulnerable to Heap-based Buffer Overflow
Heap-based Buffer Overflow
Buffer Overflow in LibTiff v4.0.10
CVE-2020-19144
6.5 - Medium
- September 09, 2021
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'.
Memory Corruption
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3770
7.8 - High
- September 06, 2021
vim is vulnerable to Heap-based Buffer Overflow
Heap-based Buffer Overflow
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext
CVE-2021-3580
7.5 - High
- August 05, 2021
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
Improper Input Validation
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way
CVE-2021-37600
5.5 - Medium
- July 30, 2021
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
Integer Overflow or Wraparound
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted
CVE-2021-35942
9.1 - Critical
- July 22, 2021
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
Integer Overflow or Wraparound
A flaw was found in libxml2
CVE-2021-3541
6.5 - Medium
- July 09, 2021
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
XEE
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36
CVE-2021-3530
7.5 - High
- June 02, 2021
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.
Stack Exhaustion
There's a flaw in lz4
CVE-2021-3520
9.8 - Critical
- June 02, 2021
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
Integer Overflow or Wraparound
There's a flaw in libxml2's xmllint in versions before 2.9.11
CVE-2021-3516
7.8 - High
- June 01, 2021
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
Dangling pointer
A security issue in nginx resolver was identified, which might
CVE-2021-23017
7.7 - High
- June 01, 2021
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
off-by-five
An information disclosure vulnerability was found in libvirt in versions before 6.3.0
CVE-2020-14301
6.5 - Medium
- May 27, 2021
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.
Improper Removal of Sensitive Information Before Storage or Transfer
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e
CVE-2021-25217
7.4 - High
- May 26, 2021
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.
Buffer Overflow
A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0
CVE-2021-3559
6.5 - Medium
- May 24, 2021
A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability.
Buffer Overflow
A flaw was found in libwebp in versions before 1.0.1
CVE-2020-36332
7.5 - High
- May 21, 2021
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
Resource Exhaustion
A flaw was found in libwebp in versions before 1.0.1
CVE-2020-36331
9.1 - Critical
- May 21, 2021
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Out-of-bounds Read
A flaw was found in libwebp in versions before 1.0.1
CVE-2020-36330
9.1 - Critical
- May 21, 2021
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Out-of-bounds Read
A flaw was found in libwebp in versions before 1.0.1
CVE-2020-36329
9.8 - Critical
- May 21, 2021
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Dangling pointer
A flaw was found in libwebp in versions before 1.0.1
CVE-2020-36328
9.8 - Critical
- May 21, 2021
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Memory Corruption
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
CVE-2018-25014
9.8 - Critical
- May 21, 2021
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
Use of Uninitialized Resource
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
CVE-2018-25013
9.1 - Critical
- May 21, 2021
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
Out-of-bounds Read
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
CVE-2018-25012
9.1 - Critical
- May 21, 2021
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
Out-of-bounds Read
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().
CVE-2018-25011
9.8 - Critical
- May 21, 2021
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().
Memory Corruption
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
CVE-2018-25010
9.1 - Critical
- May 21, 2021
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
Out-of-bounds Read
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().
CVE-2018-25009
9.1 - Critical
- May 21, 2021
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().
Out-of-bounds Read
There's a flaw in Python 3's pydoc
CVE-2021-3426
5.7 - Medium
- May 20, 2021
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
Directory traversal
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11
CVE-2021-3517
8.6 - High
- May 19, 2021
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
Memory Corruption
There's a flaw in libxml2 in versions before 2.9.11
CVE-2021-3518
8.8 - High
- May 18, 2021
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
Dangling pointer
A vulnerability found in libxml2 in versions before 2.9.11 shows
CVE-2021-3537
5.9 - Medium
- May 14, 2021
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
NULL Pointer Dereference
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin
CVE-2021-31879
6.1 - Medium
- April 29, 2021
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
Open Redirect
A flaw was found in Nettle in versions before 3.7.2
CVE-2021-20305
8.1 - High
- April 05, 2021
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.
Memory Corruption