Steelstore Cloud Integrated Storage

steelstore_cloud_integrated_storage

Vendor: Netapp • 211 CVEs

CVEs (211)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-7595 7Canonical DebianFedoraproject+4 more 24Clustered Data Ontap Communications Cloud Native Core Network Function Cloud Native EnvironmentDebian Linux+21 more Dec 3, 2025 Jan 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2019-20388 6Debian FedoraprojectNetapp+3 more 24Cloud Backup Clustered Data OntapCommunications Cloud Native Core Network Function Cloud Native Environment+21 more Dec 17, 2025 Jan 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
CVE-2019-20386 5Canonical FedoraprojectNetapp+2 more 7Active Iq Unified Manager Cloud BackupFedora+4 more Jun 9, 2025 Jan 21, 2020 N/A· v4 2.4 LOW· v3 2.1 LOW· v2 An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
CVE-2019-18282 3Debian LinuxNetapp 148300 Firmware 8700 FirmwareA400 Firmware+11 more Nov 21, 2024 Jan 16, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashr...Show more The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.Show less
CVE-2020-2659 6Canonical DebianNetapp+3 more 23Active Iq Unified Manager Debian LinuxE Series Performance Analyzer+20 more Nov 21, 2024 Jan 15, 2020 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerabi...Show more Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).Show less
CVE-2020-2654 7Canonical DebianMcafee+4 more 23Active Iq Unified Manager Debian LinuxE Series Performance Analyzer+20 more Nov 21, 2024 Jan 15, 2020 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated...Show more Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).Show less
CVE-2020-2604 7Canonical DebianMcafee+4 more 27Active Iq Unified Manager Commerce Experience ManagerCommerce Guided Search+24 more Nov 21, 2024 Jan 15, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult t...Show more Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).Show less
CVE-2020-2601 6Canonical DebianNetapp+3 more 23Active Iq Unified Manager Debian LinuxE Series Performance Analyzer+20 more Nov 21, 2024 Jan 15, 2020 N/A· v4 6.8 MEDIUM· v3 4.3 MEDIUM· v2 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exp...Show more Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).Show less
CVE-2020-2593 7Canonical DebianMcafee+4 more 24Active Iq Unified Manager Debian LinuxE Series Performance Analyzer+21 more Nov 21, 2024 Jan 15, 2020 N/A· v4 4.8 MEDIUM· v3 5.8 MEDIUM· v2 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to e...Show more Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).Show less
CVE-2020-2590 7Canonical DebianMcafee+4 more 24Active Iq Unified Manager Debian LinuxE Series Performance Analyzer+21 more Nov 21, 2024 Jan 15, 2020 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exp...Show more Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).Show less
CVE-2020-2585 2Netapp Oracle 14Active Iq Unified Manager Cloud BackupE Series Performance Analyzer+11 more Nov 21, 2024 Jan 15, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access...Show more Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).Show less
CVE-2020-2583 7Canonical DebianMcafee+4 more 24Active Iq Unified Manager Debian LinuxE Series Performance Analyzer+21 more Nov 21, 2024 Jan 15, 2020 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult t...Show more Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).Show less
CVE-2019-20330 4Debian FasterxmlNetapp+1 more 30Active Iq Unified Manager Banking PlatformCommunications Billing And Revenue Management+27 more Nov 21, 2024 Jan 3, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
CVE-2019-20095 3Linux NetappOpensuse 148300 Firmware 8700 FirmwareA400 Firmware+11 more Nov 21, 2024 Dec 30, 2019 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory...Show more mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.Show less
CVE-2019-20054 2Linux Netapp 138300 Firmware 8700 FirmwareA400 Firmware+10 more Nov 21, 2024 Dec 28, 2019 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.
CVE-2019-19966 4Debian LinuxNetapp+1 more 13Active Iq Unified Manager Aff Baseboard Management ControllerCloud Backup+10 more Nov 21, 2024 Dec 25, 2019 N/A· v4 4.6 MEDIUM· v3 2.1 LOW· v2 In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
CVE-2019-19965 5Canonical DebianLinux+2 more 168300 Firmware 8700 FirmwareA400 Firmware+13 more Nov 21, 2024 Dec 25, 2019 N/A· v4 4.7 MEDIUM· v3 1.9 LOW· v2 In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f7...Show more In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.Show less
CVE-2019-19956 7Canonical DebianFedoraproject+4 more 12Active Iq Unified Manager Clustered Data OntapClustered Data Ontap Antivirus Connector+9 more Dec 3, 2025 Dec 24, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
CVE-2019-19947 4Canonical DebianLinux+1 more 13Active Iq Unified Manager Aff Baseboard Management ControllerCloud Backup+10 more Nov 21, 2024 Dec 24, 2019 N/A· v4 4.6 MEDIUM· v3 2.1 LOW· v2 In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.
CVE-2019-5108 5Canonical DebianLinux+2 more 168300 Firmware 8700 FirmwareA400 Firmware+13 more Nov 21, 2024 Dec 23, 2019 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the require...Show more An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.Show less

Previous 1...456...11 Next