Netapp

Storagegrid

72 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2022-23772

  • EPSS 0.02%
  • Published 11.02.2022 01:15:07
  • Last modified 21.11.2024 06:49:15

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

4.4

CVE-2021-27006

  • EPSS 0.06%
  • Published 23.12.2021 20:15:09
  • Last modified 21.11.2024 05:57:10

StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager.

7.5

CVE-2021-34798

  • EPSS 11.69%
  • Published 16.09.2021 15:15:07
  • Last modified 21.11.2024 06:11:13

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

7.5

CVE-2021-36160

  • EPSS 4.96%
  • Published 16.09.2021 15:15:07
  • Last modified 01.05.2025 15:40:05

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

9.8

CVE-2021-39275

  • EPSS 46.97%
  • Published 16.09.2021 15:15:07
  • Last modified 01.05.2025 15:39:40

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

9

CVE-2021-40438

Warning
  • EPSS 94.43%
  • Published 16.09.2021 15:15:07
  • Last modified 16.05.2025 15:27:13

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

6.5

CVE-2021-34558

  • EPSS 1.48%
  • Published 15.07.2021 14:15:19
  • Last modified 21.11.2024 06:10:40

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

7.4

CVE-2021-3450

  • EPSS 0.69%
  • Published 25.03.2021 15:15:13
  • Last modified 21.11.2024 06:21:33

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly ...

5.9

CVE-2021-3449

  • EPSS 13.18%
  • Published 25.03.2021 15:15:13
  • Last modified 21.11.2024 06:21:33

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but incl...

7.5

CVE-2021-3115

  • EPSS 0.13%
  • Published 26.01.2021 18:16:27
  • Last modified 21.11.2024 06:20:54

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted dow...