Vulnerabilities > Netapp > Steelstore Cloud Integrated Storage > High

DATE CVE VULNERABILITY TITLE RISK
2020-08-21 CVE-2020-8623 Reachable Assertion vulnerability in multiple products
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash.
7.5
2020-07-24 CVE-2020-15778 OS Command Injection vulnerability in multiple products
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument.
local
low complexity
openbsd netapp broadcom CWE-78
7.8
2020-07-20 CVE-2020-15852 Incorrect Default Permissions vulnerability in multiple products
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests.
local
low complexity
linux xen netapp CWE-276
7.8
2020-07-15 CVE-2020-14664 Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX).
network
high complexity
oracle netapp
8.3
2020-07-15 CVE-2020-14593 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). 7.4
2020-07-15 CVE-2020-14583 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). 8.3
2020-06-14 CVE-2020-14060 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
network
high complexity
fasterxml netapp oracle CWE-502
8.1
2020-06-14 CVE-2020-14062 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
2020-06-14 CVE-2020-14061 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
2020-06-09 CVE-2020-10757 Type Confusion vulnerability in multiple products
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.
7.8