Vulnerabilities > Netapp > Steelstore Cloud Integrated Storage > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-09-09 CVE-2019-16168 Divide By Zero vulnerability in multiple products
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
6.5
2019-07-01 CVE-2019-13118 Type Confusion vulnerability in multiple products
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
5.3
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2019-01-10 CVE-2018-20685 Incorrect Authorization vulnerability in multiple products
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of .
5.3
2018-08-17 CVE-2018-15473 Race Condition vulnerability in multiple products
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
5.3
2018-07-18 CVE-2018-2973 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE).
network
high complexity
oracle redhat netapp hp
5.9
2018-07-18 CVE-2018-2940 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
network
low complexity
oracle hp redhat netapp
4.3
2017-10-26 CVE-2017-15906 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
network
low complexity
openbsd oracle debian netapp redhat CWE-732
5.3
2017-10-19 CVE-2017-10357 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization).
network
low complexity
oracle redhat netapp debian
5.3
2017-10-19 CVE-2017-10356 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security).
local
low complexity
oracle redhat netapp debian
6.2