Storagegrid Security Vulnerabilities and Issues — Storagegrid CVE List

Lucene search

NetappStoragegrid

10 matches found

CVE•added 2021/09/16 3:15 p.m.•6435 views

CVE-2021-39275

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

9.8CVSS9.3AI score0.44803EPSS

CVE•added 2021/09/16 3:15 p.m.•4520 views

CVE-2021-40438

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

9CVSS9.5AI score0.94443EPSS

In wildWeb

CVE•added 2021/09/16 3:15 p.m.•1931 views

CVE-2021-34798

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

7.5CVSS8.8AI score0.10967EPSS

CVE•added 2021/09/16 3:15 p.m.•1469 views

CVE-2021-36160

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

7.5CVSS8.5AI score0.06068EPSS

In wild

CVE•added 2021/03/25 3:15 p.m.•759 views

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS6.7AI score0.15408EPSS

CVE•added 2021/07/15 2:15 p.m.•589 views

CVE-2021-34558

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

6.5CVSS7AI score0.00917EPSS

CVE•added 2021/03/25 3:15 p.m.•526 views

CVE-2021-3450

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

7.4CVSS7.6AI score0.00746EPSS

CVE•added 2021/01/26 6:16 p.m.•479 views

CVE-2021-3114

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.

6.5CVSS7AI score0.00043EPSS

CVE•added 2021/01/26 6:16 p.m.•345 views

CVE-2021-3115

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).

7.5CVSS8.1AI score0.0013EPSS

CVE•added 2021/12/23 8:15 p.m.•46 views

CVE-2021-27006

StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager.

4.4CVSS4.8AI score0.00064EPSS