Filtered by vendor Netapp
Subscriptions
Filtered by product Steelstore Cloud Integrated Storage
Subscriptions
Total
216 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15025 | 4 Netapp, Ntp, Opensuse and 1 more | 27 8300, 8300 Firmware, 8700 and 24 more | 2024-11-21 | 4.4 Medium |
| ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. | ||||
| CVE-2020-14664 | 2 Netapp, Oracle | 15 7-mode Transition Tool, Active Iq Unified Manager, Cloud Backup and 12 more | 2024-11-21 | 8.3 High |
| Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | ||||
| CVE-2020-14195 | 5 Debian, Fasterxml, Netapp and 2 more | 17 Debian Linux, Jackson-databind, Active Iq Unified Manager and 14 more | 2024-11-21 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). | ||||
| CVE-2020-14155 | 7 Apple, Gitlab, Netapp and 4 more | 22 Macos, Gitlab, Active Iq Unified Manager and 19 more | 2024-11-21 | 5.3 Medium |
| libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | ||||
| CVE-2020-14062 | 5 Debian, Fasterxml, Netapp and 2 more | 18 Debian Linux, Jackson-databind, Active Iq Unified Manager and 15 more | 2024-11-21 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). | ||||
| CVE-2020-14060 | 4 Fasterxml, Netapp, Oracle and 1 more | 17 Jackson-databind, Active Iq Unified Manager, Steelstore Cloud Integrated Storage and 14 more | 2024-11-21 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). | ||||
| CVE-2020-13692 | 6 Debian, Fedoraproject, Netapp and 3 more | 14 Debian Linux, Fedora, Steelstore Cloud Integrated Storage and 11 more | 2024-11-21 | 7.7 High |
| PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. | ||||
| CVE-2020-13596 | 6 Canonical, Debian, Djangoproject and 3 more | 7 Ubuntu Linux, Debian Linux, Django and 4 more | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. | ||||
| CVE-2020-13254 | 7 Canonical, Debian, Djangoproject and 4 more | 8 Ubuntu Linux, Debian Linux, Django and 5 more | 2024-11-21 | 5.9 Medium |
| An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. | ||||
| CVE-2020-13143 | 5 Canonical, Debian, Linux and 2 more | 38 Ubuntu Linux, Debian Linux, Linux Kernel and 35 more | 2024-11-21 | 6.5 Medium |
| gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. | ||||
| CVE-2020-12888 | 7 Canonical, Debian, Fedoraproject and 4 more | 45 Ubuntu Linux, Debian Linux, Fedora and 42 more | 2024-11-21 | 5.3 Medium |
| The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. | ||||
| CVE-2020-12771 | 6 Canonical, Debian, Linux and 3 more | 37 Ubuntu Linux, Debian Linux, Linux Kernel and 34 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. | ||||
| CVE-2020-12770 | 6 Canonical, Debian, Fedoraproject and 3 more | 42 Ubuntu Linux, Debian Linux, Fedora and 39 more | 2024-11-21 | 6.7 Medium |
| An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. | ||||
| CVE-2020-12769 | 5 Canonical, Debian, Linux and 2 more | 36 Ubuntu Linux, Debian Linux, Linux Kernel and 33 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. | ||||
| CVE-2020-12659 | 3 Linux, Netapp, Redhat | 9 Linux Kernel, Active Iq Unified Manager, Aff Baseboard Management Controller and 6 more | 2024-11-21 | 6.7 Medium |
| An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation. | ||||
| CVE-2020-12653 | 5 Debian, Linux, Netapp and 2 more | 42 Debian Linux, Linux Kernel, A700s and 39 more | 2024-11-21 | 7.8 High |
| An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. | ||||
| CVE-2020-12465 | 3 Linux, Netapp, Redhat | 10 Linux Kernel, Active Iq Unified Manager, Aff Baseboard Management Controller and 7 more | 2024-11-21 | 6.7 Medium |
| An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages. | ||||
| CVE-2020-12464 | 3 Linux, Netapp, Redhat | 11 Linux Kernel, Active Iq Unified Manager, Aff A700s and 8 more | 2024-11-21 | 6.7 Medium |
| usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. | ||||
| CVE-2020-12243 | 9 Apple, Broadcom, Canonical and 6 more | 28 Mac Os X, Brocade Fabric Operating System, Ubuntu Linux and 25 more | 2024-11-21 | 7.5 High |
| In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | ||||
| CVE-2020-11884 | 6 Canonical, Debian, Fedoraproject and 3 more | 38 Ubuntu Linux, Debian Linux, Fedora and 35 more | 2024-11-21 | 7.0 High |
| In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur. | ||||