Ontap Select Deploy Administration Utility Security Vulnerabilities and Issues — Ontap Select Deploy Administration Utility CVE List

Lucene search

NetappOntap Select Deploy Administration Utility

15 matches found

CVE•added 2021/03/25 3:15 p.m.•750 views

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS6.7AI score0.11133EPSS

CVE•added 2021/03/25 3:15 p.m.•518 views

CVE-2021-3450

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

7.4CVSS7.6AI score0.00547EPSS

CVE•added 2021/03/03 5:15 p.m.•360 views

CVE-2020-25647

A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution al...

7.6CVSS8.2AI score0.0001EPSS

CVE•added 2021/03/03 5:15 p.m.•340 views

CVE-2021-20233

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by on...

8.2CVSS8.1AI score0.00286EPSS

CVE•added 2021/03/03 5:15 p.m.•314 views

CVE-2020-25632

A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secu...

8.2CVSS8.3AI score0.00015EPSS

CVE•added 2021/03/03 5:15 p.m.•309 views

CVE-2020-27779

A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest th...

7.5CVSS7.7AI score0.00013EPSS

CVE•added 2021/03/03 5:15 p.m.•290 views

CVE-2020-27749

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that re...

7.2CVSS7.4AI score0.00064EPSS

CVE•added 2021/03/03 5:15 p.m.•289 views

CVE-2020-14372

A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdow...

7.5CVSS7.3AI score0.02778EPSS

CVE•added 2021/03/03 5:15 p.m.•280 views

CVE-2021-20225

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and in...

7.2CVSS7.3AI score0.00098EPSS

CVE•added 2021/03/09 8:15 p.m.•219 views

CVE-2020-35522

In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.

5.5CVSS6.1AI score0.00057EPSS

CVE•added 2021/03/09 8:15 p.m.•213 views

CVE-2020-35524

A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

7.8CVSS7.2AI score0.00487EPSS

CVE•added 2021/03/09 8:15 p.m.•209 views

CVE-2020-35523

An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

7.8CVSS7.2AI score0.00255EPSS

CVE•added 2021/03/26 5:15 p.m.•176 views

CVE-2021-20197

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can tric...

6.3CVSS6.3AI score0.00184EPSS

CVE•added 2021/03/09 8:15 p.m.•167 views

CVE-2020-35521

A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.

5.5CVSS5.9AI score0.00098EPSS

CVE•added 2021/03/26 5:15 p.m.•146 views

CVE-2021-20284

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.

5.5CVSS6AI score0.00114EPSS