Product:

Ontap_select_deploy_administration_utility

(Netapp)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 18
Date ID Summary Products Score Patch
2019-02-27 CVE-2019-1559 If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt... Ubuntu_linux, Debian_linux, Traffix_signaling_delivery_controller, Element_software, Hyper_converged_infrastructure, Oncommand_unified_manager, Oncommand_workflow_automation, Ontap_select_deploy, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider, Snapcenter, Snapdrive, Steelstore_cloud_integrated_storage, Storage_automation_store, Storagegrid, Openssl, Leap, Nessus 5.9
2019-02-26 CVE-2019-9169 In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. Glibc, Cloud_backup, Ontap_select_deploy_administration_utility, Steelstore_cloud_integrated_storage 9.8
2019-09-09 CVE-2019-16168 In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." Ubuntu_linux, Fedora, Ontap_select_deploy_administration_utility, Leap, Sqlite N/A
2019-11-21 CVE-2019-5509 ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account. Ontap_select_deploy_administration_utility N/A
2019-11-21 CVE-2019-17272 All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges. Ontap_select_deploy_administration_utility N/A
2019-02-26 CVE-2018-20796 In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. Glibc, Cloud_backup, Ontap_select_deploy_administration_utility, Steelstore_cloud_integrated_storage 7.5
2019-09-24 CVE-2019-5505 ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext. Ontap_select_deploy_administration_utility N/A
2019-09-24 CVE-2019-5504 ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions. Ontap_select_deploy_administration_utility N/A
2019-03-21 CVE-2019-3859 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Debian_linux, Fedora, Libssh2, Ontap_select_deploy_administration_utility, Leap 9.1
2019-03-25 CVE-2019-3863 A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. Debian_linux, Libssh2, Ontap_select_deploy_administration_utility, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation 8.8