Product:

Ontap_select_deploy_administration_utility

(Netapp)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 60
Date Id Summary Products Score Patch Annotated
2021-05-18 CVE-2021-3518 There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. Debian_linux, Fedora, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Hci_h410c_firmware, Manageability_software_development_kit, Ontap_select_deploy_administration_utility, Snapdrive, Enterprise_manager_ops_center, Mysql_workbench, Real_user_experience_insight, Enterprise_linux, Jboss_core_services, Libxml2 8.8
2021-05-14 CVE-2021-3537 A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. Debian_linux, Fedora, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Hci_h410c_firmware, Manageability_software_development_kit, Ontap_select_deploy_administration_utility, Snapdrive, Enterprise_manager_ops_center, Mysql_workbench, Openjdk, Real_user_experience_insight, Enterprise_linux, Jboss_core_services, Libxml2 5.9
2021-06-01 CVE-2021-23017 A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. Nginx, Fedora, Ontap_select_deploy_administration_utility, Openresty, Communications_control_plane_monitor, Communications_fraud_monitor, Communications_operations_monitor, Enterprise_telephony_fraud_monitor 9.4
2021-02-15 CVE-2021-23336 The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can... Debian_linux, Django, Fedora, Inventory_collect_tool, Ontap_select_deploy_administration_utility, Snapcenter, Communications_offline_mediation_controller, Communications_pricing_design_center, Zfs_storage_appliance, Python 5.9
2021-04-05 CVE-2021-20305 A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. Debian_linux, Fedora, Active_iq_unified_manager, Ontap_select_deploy_administration_utility, Nettle, Enterprise_linux 8.1
2021-05-19 CVE-2021-3517 There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. Debian_linux, Fedora, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_h410c_firmware, Hci_management_node, Manageability_software_development_kit, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Santricity_unified_manager, Snapdrive, Snapmanager, Solidfire, Mysql_workbench, Openjdk, Real_user_experience_insight, Enterprise_linux, Jboss_core_services, Libxml2 8.6
2021-09-09 CVE-2020-19144 Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'. Debian_linux, Ontap_select_deploy_administration_utility, Libtiff 6.5
2021-05-21 CVE-2018-25012 A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. Debian_linux, Ontap_select_deploy_administration_utility, Enterprise_linux, Libwebp 9.1
2021-05-21 CVE-2018-25013 A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability. Debian_linux, Ontap_select_deploy_administration_utility, Enterprise_linux, Libwebp 9.1
2021-05-21 CVE-2020-36328 A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Ipad_os, Iphone_os, Debian_linux, Ontap_select_deploy_administration_utility, Enterprise_linux, Libwebp 9.8