Vulnerabilities > Netapp > Steelstore Cloud Integrated Storage > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-08-21 CVE-2020-8624 Improper Privilege Management vulnerability in multiple products
In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.
4.3
2020-08-21 CVE-2020-8622 Reachable Assertion vulnerability in multiple products
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit.
6.5
2020-06-29 CVE-2020-14145 Information Exposure Through Discrepancy vulnerability in multiple products
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation.
network
high complexity
openbsd netapp CWE-203
5.9
2020-06-24 CVE-2020-15025 Memory Leak vulnerability in multiple products
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
network
low complexity
ntp opensuse netapp oracle CWE-401
4.9
2020-06-17 CVE-2020-8619 Improper Resource Shutdown or Release vulnerability in multiple products
In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered.
4.9
2020-06-17 CVE-2020-8618 Reachable Assertion vulnerability in multiple products
An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.
network
low complexity
isc opensuse netapp canonical CWE-617
4.9
2020-06-15 CVE-2020-14155 Integer Overflow or Wraparound vulnerability in multiple products
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
network
low complexity
pcre apple gitlab oracle netapp splunk CWE-190
5.3
2020-06-12 CVE-2020-10732 A flaw was found in the Linux kernel's implementation of Userspace core dumps.
local
low complexity
linux opensuse canonical netapp
4.4
2020-06-03 CVE-2020-13596 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7.
6.1
2020-06-03 CVE-2020-13254 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7.
5.9