Storagegrid Security Vulnerabilities and Issues — Storagegrid CVE List

Lucene search

NetappStoragegrid

9 matches found

CVE•added 2022/03/15 5:15 p.m.•1243 views

CVE-2022-0778

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...

7.5CVSS7.8AI score0.0805EPSS

In wild

CVE•added 2022/08/05 7:15 a.m.•1076 views

CVE-2022-37434

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHe...

9.8CVSS9.9AI score0.92678EPSS

CVE•added 2022/02/11 1:15 a.m.•462 views

CVE-2022-23773

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.

7.5CVSS8.1AI score0.00062EPSS

CVE•added 2022/02/11 1:15 a.m.•453 views

CVE-2022-23806

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

9.1CVSS9.1AI score0.0002EPSS

CVE•added 2022/02/11 1:15 a.m.•416 views

CVE-2022-23772

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

7.8CVSS8.4AI score0.00016EPSS

CVE•added 2022/05/25 3:15 p.m.•106 views

CVE-2022-1678

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.

7.5CVSS7.2AI score0.00522EPSS

CVE•added 2022/03/04 6:15 p.m.•80 views

CVE-2022-23233

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service.

7.5CVSS7.4AI score0.00389EPSS

CVE•added 2022/03/04 6:15 p.m.•75 views

CVE-2022-23232

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user accoun...

4.9CVSS5.1AI score0.00335EPSS

CVE•added 2022/08/10 8:15 p.m.•55 views

CVE-2022-23238

Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email re...

6.5CVSS6.2AI score0.00485EPSS