Steelstore Cloud Integrated Storage

steelstore_cloud_integrated_storage

Vendor: Netapp • 211 CVEs

CVEs (211)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-15025 4Netapp NtpOpensuse+1 more 168300 Firmware 8700 FirmwareA400 Firmware+13 more Nov 21, 2024 Jun 24, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used...Show more ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.Show less
CVE-2020-8619 6Canonical DebianFedoraproject+3 more 6Bind Debian LinuxFedora+3 more Nov 21, 2024 Jun 17, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or mor...Show more In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.Show less
CVE-2020-8618 4Canonical IscNetapp+1 more 4Bind LeapSteelstore Cloud Integrated Storage+1 more Nov 21, 2024 Jun 17, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.
CVE-2020-14195 4Debian FasterxmlNetapp+1 more 14Active Iq Unified Manager Agile PlmBanking Digital Experience+11 more Nov 21, 2024 Jun 16, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
CVE-2020-14155 6Apple GitlabNetapp+3 more 15Active Iq Unified Manager Cloud BackupClustered Data Ontap+12 more Nov 21, 2024 Jun 15, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVE-2020-14060 3Fasterxml NetappOracle 12Active Iq Unified Manager Agile PlmBanking Digital Experience+9 more Apr 29, 2026 Jun 14, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
CVE-2020-14062 4Debian FasterxmlNetapp+1 more 13Active Iq Unified Manager Agile PlmBanking Digital Experience+10 more Apr 29, 2026 Jun 14, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
CVE-2020-14061 4Debian FasterxmlNetapp+1 more 15Active Iq Unified Manager Agile PlmAutovue For Agile Product Lifecycle Management+12 more Aug 27, 2025 Jun 14, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms....Show more FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).Show less
CVE-2020-10732 4Canonical LinuxNetapp+1 more 19Active Iq Unified Manager Aff 8300 FirmwareAff 8700 Firmware+16 more Nov 21, 2024 Jun 12, 2020 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
CVE-2020-10757 7Canonical DebianFedoraproject+4 more 10Active Iq Unified Manager Cloud BackupDebian Linux+7 more Nov 21, 2024 Jun 9, 2020 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
CVE-2020-13692 5Debian FedoraprojectNetapp+2 more 5Debian Linux FedoraPostgresql Jdbc Driver+2 more Nov 21, 2024 Jun 4, 2020 N/A· v4 7.7 HIGH· v3 6.8 MEDIUM· v2 PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
CVE-2020-13817 4Fujitsu NetappNtp+1 more 25Cloud Backup Clustered Data OntapData Ontap+22 more May 5, 2025 Jun 4, 2020 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must...Show more ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.Show less
CVE-2020-13596 6Canonical DebianDjangoproject+3 more 7Debian Linux DjangoFedora+4 more Nov 21, 2024 Jun 3, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
CVE-2020-13254 6Canonical DebianDjangoproject+3 more 7Debian Linux DjangoFedora+4 more Nov 21, 2024 Jun 3, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential da...Show more An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.Show less
CVE-2020-13143 5Canonical DebianLinux+2 more 24A700s Firmware Active Iq Unified ManagerBootstrap Os+21 more Nov 21, 2024 May 18, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out...Show more gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.Show less
CVE-2020-12888 6Canonical DebianFedoraproject+3 more 25A700s Firmware Active Iq Unified ManagerBootstrap Os+22 more Nov 21, 2024 May 15, 2020 N/A· v4 5.3 MEDIUM· v3 4.7 MEDIUM· v2 The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
CVE-2020-12771 6Canonical DebianLinux+3 more 24A700s Firmware Active Iq Unified ManagerCloud Backup+21 more Nov 21, 2024 May 9, 2020 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
CVE-2020-12770 5Canonical DebianFedoraproject+2 more 23A700s Firmware Active Iq Unified ManagerBootstrap Os+20 more Nov 21, 2024 May 9, 2020 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
CVE-2020-12769 5Canonical DebianLinux+2 more 23A700s Firmware Active Iq Unified ManagerCloud Backup+20 more Nov 21, 2024 May 9, 2020 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.
CVE-2020-10690 6Canonical DebianLinux+3 more 22Active Iq Unified Manager Debian LinuxElement Software+19 more Nov 21, 2024 May 8, 2020 N/A· v4 6.4 MEDIUM· v3 4.4 MEDIUM· v2 There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /d...Show more There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.Show less

Previous 123 4 5...11 Next