Vulnerabilities > Netapp > Steelstore Cloud Integrated Storage > High

DATE CVE VULNERABILITY TITLE RISK
2020-08-21 CVE-2020-8623 Reachable Assertion vulnerability in multiple products
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash.
7.5
2020-08-21 CVE-2020-8621 Reachable Assertion vulnerability in multiple products
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash.
network
low complexity
isc opensuse canonical synology netapp CWE-617
7.5
2020-08-21 CVE-2020-8620 Reachable Assertion vulnerability in multiple products
In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.
network
low complexity
isc opensuse netapp canonical CWE-617
7.5
2020-07-24 CVE-2020-15778 OS Command Injection vulnerability in multiple products
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument.
local
low complexity
openbsd netapp broadcom CWE-78
7.8
2020-07-20 CVE-2020-15852 Incorrect Default Permissions vulnerability in multiple products
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests.
local
low complexity
linux xen netapp CWE-276
7.8
2020-06-16 CVE-2020-14195 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
2020-06-14 CVE-2020-14060 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
network
high complexity
fasterxml netapp oracle CWE-502
8.1
2020-06-14 CVE-2020-14062 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
2020-06-14 CVE-2020-14061 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
2020-06-09 CVE-2020-10757 Type Confusion vulnerability in multiple products
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.
7.8