Vulnerabilities > Netapp > Steelstore Cloud Integrated Storage

DATE CVE VULNERABILITY TITLE RISK
2020-06-04 CVE-2020-13692 XXE vulnerability in multiple products
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
7.7
2020-06-04 CVE-2020-13817 Use of Insufficiently Random Values vulnerability in multiple products
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets.
network
high complexity
ntp netapp opensuse fujitsu CWE-330
7.4
2020-06-03 CVE-2020-13596 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7.
6.1
2020-06-03 CVE-2020-13254 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7.
5.9
2020-05-18 CVE-2020-13143 Out-of-bounds Read vulnerability in multiple products
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
network
low complexity
linux opensuse debian canonical netapp CWE-125
6.5
2020-05-15 CVE-2020-12888 Improper Handling of Exceptional Conditions vulnerability in multiple products
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
5.3
2020-05-09 CVE-2020-12771 Improper Locking vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.6.11.
5.5
2020-05-09 CVE-2020-12770 An issue was discovered in the Linux kernel through 5.6.11.
local
low complexity
linux fedoraproject canonical debian netapp
6.7
2020-05-09 CVE-2020-12769 Improper Synchronization vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.4.17.
local
low complexity
linux debian canonical opensuse netapp CWE-662
5.5
2020-05-08 CVE-2020-10690 Use After Free vulnerability in multiple products
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation.
6.4