threat
engine
.sh
Back
·
··:··
Home
/
Product
/
netapp storagegrid
Product
netapp storagegrid
72 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-26517
< 11.8.0.15
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a privilege escalation v
5.4
MEDIUM
CVE-2025-26516
< 11.8.0.15
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Denial of Service vuln
5.3
MEDIUM
CVE-2025-26515
< 11.8.0.15
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are suscepti
7.5
HIGH
CVE-2025-26514
< 11.8.0.15
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Reflected Cross-Site S
6.4
MEDIUM
CVE-2025-25292
all versions
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability
9.8
CRITICAL
CVE-2025-25291
all versions
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability
9.8
CRITICAL
CVE-2024-21994
< 11.9.0
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are susceptible to a Denial of Service (DoS) vulnerability. Suc
4.3
MEDIUM
CVE-2024-21988
< 11.7.0.9
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive i
5.3
MEDIUM
CVE-2024-21984
< 11.7.0.8
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site
5.9
MEDIUM
CVE-2024-21983
< 11.7.0.8
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Su
6.5
MEDIUM
CVE-2023-27318
>= 11.6.0 and <= 11.6.0.13
StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulner
6.5
MEDIUM
CVE-2022-38734
< 11.6.0.8
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 are susceptible to a Denial of Service (DoS) vulnerability.
7.5
HIGH
CVE-2022-23238
>= 11.6.0 and < 11.6.0.3
Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel ver
6.5
MEDIUM
CVE-2022-37434
all versions
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra fie
9.8
CRITICAL
CVE-2022-1678
all versions
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memo
5.9
MEDIUM
CVE-2022-0778
all versions
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime m
7.5
HIGH
CVE-2022-23233
< 11.6.0
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully ex
7.5
HIGH
CVE-2022-23232
< 11.6.0
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully ex
4.9
MEDIUM
CVE-2022-23806
all versions
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a
9.1
CRITICAL
CVE-2022-23773
all versions
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This ca
7.5
HIGH
CVE-2022-23772
all versions
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consu
7.5
HIGH
CVE-2021-27006
>= 11.5.0 and < 11.5.0.5
StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an
4.4
MEDIUM
CVE-2021-40438
all versions
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue a
9.0
CRITICAL
CVE-2021-39275
all versions
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to the
9.8
CRITICAL
CVE-2021-36160
all versions
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affe
7.5
HIGH
CVE-2021-34798
all versions
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
7.5
HIGH
CVE-2021-34558
all versions
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches t
6.5
MEDIUM
CVE-2021-3450
all versions
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not
7.4
HIGH
CVE-2021-3449
all versions
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renego
5.9
MEDIUM
CVE-2021-3115
all versions
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the
7.5
HIGH
CVE-2021-3114
all versions
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of
6.5
MEDIUM
CVE-2020-16166
<= 9.0.4
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the i
3.7
LOW
CVE-2020-14664
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u2
8.3
HIGH
CVE-2020-14593
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are
7.4
HIGH
CVE-2020-14583
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
8.3
HIGH
CVE-2020-14581
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are
3.7
LOW
CVE-2020-14579
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.7
LOW
CVE-2020-14578
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.7
LOW
CVE-2020-14577
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected a
3.7
LOW
CVE-2020-14556
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
4.8
MEDIUM
CVE-2020-2830
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are aff
5.3
MEDIUM
CVE-2020-2816
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6
7.5
HIGH
CVE-2020-2805
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
8.3
HIGH
CVE-2020-2803
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
8.3
HIGH
CVE-2020-2800
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions
4.8
MEDIUM
CVE-2020-2781
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected a
5.3
MEDIUM
CVE-2020-2778
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6
3.7
LOW
CVE-2020-2773
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affect
3.7
LOW
CVE-2020-2767
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6
4.8
MEDIUM
CVE-2020-2757
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a
3.7
LOW
CVE-2020-2756
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a
3.7
LOW
CVE-2020-2755
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affec
3.7
LOW
CVE-2020-2754
>= 9.0.0 and <= 9.0.4
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affec
3.7
LOW
CVE-2020-8571
>= 10.0.0 and < 11.2.0.8
StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulne
7.5
HIGH
CVE-2019-1559
>= 9.0.0 and <= 9.0.4
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to
5.9
MEDIUM
CVE-2018-2826
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java
8.3
HIGH
CVE-2018-2825
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java
8.3
HIGH
CVE-2018-1312
all versions
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks
9.8
CRITICAL
CVE-2018-1303
all versions
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound r
7.5
HIGH
CVE-2018-1302
all versions
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL
5.9
MEDIUM
CVE-2018-1301
all versions
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after
5.9
MEDIUM
CVE-2018-1283
all versions
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, no
5.3
MEDIUM
CVE-2017-15715
all versions
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious fi
8.1
HIGH
CVE-2017-15710
all versions
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig,
7.5
HIGH
CVE-2016-10708
all versions
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an
7.5
HIGH
CVE-2018-2638
<= 9.0.4
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java
8.3
HIGH
CVE-2018-2627
<= 9.0.4
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java
7.5
HIGH
CVE-2018-2581
<= 9.0.4
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE:
4.7
MEDIUM
CVE-2016-8610
all versions
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol define
7.5
HIGH
CVE-2017-7668
all versions
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_fi
7.5
HIGH
CVE-2017-3167
all versions
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of t
9.8
CRITICAL
CVE-2016-3427
<= 9.0.4
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attack
9.8
CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin