Vulnerabilities > Netapp > Steelstore Cloud Integrated Storage

DATE CVE VULNERABILITY TITLE RISK
2019-09-09 CVE-2019-16168 Divide By Zero vulnerability in multiple products
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
6.5
2019-07-17 CVE-2019-13272 In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). 7.8
2019-07-01 CVE-2019-13118 Type Confusion vulnerability in multiple products
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
5.3
2019-05-28 CVE-2019-5436 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
7.8
2019-04-10 CVE-2019-11068 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code.
network
low complexity
xmlsoft canonical debian fedoraproject oracle netapp opensuse
critical
9.8
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2019-02-26 CVE-2019-9169 Out-of-bounds Read vulnerability in multiple products
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
network
low complexity
gnu netapp mcafee canonical CWE-125
critical
9.8
2019-02-26 CVE-2018-20796 Uncontrolled Recursion vulnerability in multiple products
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
network
low complexity
gnu netapp CWE-674
7.5
2019-02-26 CVE-2009-5155 Data Processing Errors vulnerability in multiple products
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
network
low complexity
gnu netapp CWE-19
7.5
2019-01-10 CVE-2018-20685 Incorrect Authorization vulnerability in multiple products
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of .
5.3