Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Storagegrid
(Netapp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 65 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-09-16 | CVE-2021-36160 | A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). | Http_server, Brocade_fabric_operating_system_firmware, Debian_linux, Fedora, Cloud_backup, Clustered_data_ontap, Storagegrid, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Http_server, Instantis_enterprisetrack, Peoplesoft_enterprise_peopletools, Zfs_storage_appliance_kit | 7.5 | ||
| 2021-09-16 | CVE-2021-39275 | ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. | Http_server, Debian_linux, Fedora, Cloud_backup, Clustered_data_ontap, Storagegrid, Http_server, Instantis_enterprisetrack, Zfs_storage_appliance_kit, Sinec_nms, Sinema_server | 9.8 | ||
| 2022-08-05 | CVE-2022-37434 | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | Ipados, Iphone_os, Macos, Watchos, Debian_linux, Fedora, Active_iq_unified_manager, H300s_firmware, H500s_firmware, H700s_firmware, Hci, Hci_compute_node, Management_services_for_element_software, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Storagegrid, Stormshield_network_security, Zlib | 9.8 | ||
| 2023-03-02 | CVE-2022-38734 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to to a crash of the Local Distribution Router (LDR) service. | Storagegrid | 7.5 | ||
| 2021-09-16 | CVE-2021-40438 | A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. | Http_server, Brocade_fabric_operating_system_firmware, Debian_linux, F5os, Fedora, Cloud_backup, Clustered_data_ontap, Storagegrid, Enterprise_manager_ops_center, Http_server, Instantis_enterprisetrack, Secure_global_desktop, Zfs_storage_appliance_kit, Ruggedcom_nms, Sinec_nms, Sinema_remote_connect_server, Sinema_server, Tenable\.sc | 9.0 | ||
| 2016-04-21 | CVE-2016-3427 | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | Cassandra, Ubuntu_linux, Debian_linux, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_balance, Oncommand_cloud_manager, Oncommand_insight, Oncommand_performance_manager, Oncommand_report, Oncommand_shift, Oncommand_unified_manager, Oncommand_workflow_automation, Storagegrid, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Leap, Opensuse, Jdk, Jre, Jrockit, Linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite, Linux_enterprise_desktop, Linux_enterprise_module_for_legacy, Linux_enterprise_server, Linux_enterprise_software_development_kit, Manager, Manager_proxy, Openstack_cloud | 9.8 | ||
| 2024-02-16 | CVE-2024-21983 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot. | Storagegrid | 6.5 | ||
| 2024-02-16 | CVE-2024-21984 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploit requires the attacker to know specific information about the target instance and trick a privileged user into clicking a specially crafted link. This could allow the attacker to view or modify configuration settings or add or modify user accounts. | Storagegrid | 6.9 | ||
| 2024-06-14 | CVE-2024-21988 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation. | Storagegrid | 5.3 | ||
| 2020-03-13 | CVE-2020-8571 | StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS). | Storagegrid | 7.5 |