Summary
| Detail | |||
|---|---|---|---|
| Vendor | Netapp | First view | 2016-11-02 |
| Product | Steelstore Cloud Integrated Storage | Last view | 2020-09-10 |
| Version | - | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:netapp:steelstore_cloud_integrated_storage | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2020-09-10 | CVE-2020-8758 | Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access. |
| 3.7 | 2020-07-30 | CVE-2020-16166 | The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. |
| 5.9 | 2020-06-29 | CVE-2020-14145 | The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). |
| 8.1 | 2020-06-16 | CVE-2020-14195 | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). |
| 8.1 | 2020-06-14 | CVE-2020-14062 | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). |
| 8.1 | 2020-06-14 | CVE-2020-14061 | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). |
| 8.1 | 2020-06-14 | CVE-2020-14060 | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). |
| 4.4 | 2020-06-12 | CVE-2020-10732 | A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. |
| 7 | 2020-04-30 | CVE-2020-1752 | A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32. |
| 7.5 | 2020-04-21 | CVE-2020-1967 | Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f). |
| 8.1 | 2020-04-07 | CVE-2020-11620 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). |
| 8.1 | 2020-04-07 | CVE-2020-11619 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). |
| 8.8 | 2020-03-31 | CVE-2020-11113 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). |
| 8.8 | 2020-03-31 | CVE-2020-11112 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). |
| 8.8 | 2020-03-31 | CVE-2020-11111 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). |
| 8.8 | 2020-03-26 | CVE-2020-10969 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. |
| 8.8 | 2020-03-26 | CVE-2020-10968 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). |
| 8.8 | 2020-03-18 | CVE-2020-10672 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). |
| 9.8 | 2020-03-02 | CVE-2019-14893 | A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code. |
| 9.8 | 2020-02-10 | CVE-2020-8840 | FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. |
| 8.1 | 2020-01-15 | CVE-2020-2604 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). |
| 9.8 | 2020-01-03 | CVE-2019-20330 | FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. |
| 9.8 | 2019-10-12 | CVE-2019-17531 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload. |
| 9.8 | 2019-10-06 | CVE-2019-17267 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. |
| 9.8 | 2019-10-01 | CVE-2019-16943 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 55% (20) | CWE-502 | Deserialization of Untrusted Data |
| 8% (3) | CWE-200 | Information Exposure |
| 5% (2) | CWE-787 | Out-of-bounds Write |
| 2% (1) | CWE-674 | Uncontrolled Recursion |
| 2% (1) | CWE-617 | Reachable Assertion |
| 2% (1) | CWE-476 | NULL Pointer Dereference |
| 2% (1) | CWE-416 | Use After Free |
| 2% (1) | CWE-362 | Race Condition |
| 2% (1) | CWE-203 | Information Exposure Through Discrepancy |
| 2% (1) | CWE-190 | Integer Overflow or Wraparound |
| 2% (1) | CWE-125 | Out-of-bounds Read |
| 2% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 2% (1) | CWE-20 | Improper Input Validation |
| 2% (1) | CWE-19 | Data Handling |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-10-13 | Intel AMT HTTP negative content-length attempt RuleID : 55210 - Type : SERVER-OTHER - Revision : 1 |
| 2020-10-13 | Intel AMT HTTP negative content-length attempt RuleID : 55209 - Type : SERVER-OTHER - Revision : 1 |
| 2020-10-13 | Intel AMT HTTP invalid chunk size attempt RuleID : 55208 - Type : SERVER-OTHER - Revision : 1 |
| 2020-10-13 | Intel AMT HTTP invalid chunk size attempt RuleID : 55207 - Type : SERVER-OTHER - Revision : 1 |
| 2019-12-05 | ISC BIND DHCP client DNAME resource record parsing denial of service attempt RuleID : 52078 - Type : SERVER-OTHER - Revision : 1 |
| 2018-05-22 | Multiple Vendors NTP zero-origin timestamp denial of service attempt RuleID : 46387 - Type : SERVER-OTHER - Revision : 3 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-f6ff819834.nasl - Type: ACT_GATHER_INFO |
| 2019-01-08 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2019-1008.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-065a7722ee.nasl - Type: ACT_GATHER_INFO |
| 2018-12-28 | Name: The remote EulerOS Virtualization host is missing a security update. File: EulerOS_SA-2018-1411.nasl - Type: ACT_GATHER_INFO |
| 2018-12-28 | Name: The remote EulerOS Virtualization host is missing a security update. File: EulerOS_SA-2018-1413.nasl - Type: ACT_GATHER_INFO |
| 2018-12-28 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1431.nasl - Type: ACT_GATHER_INFO |
| 2018-12-10 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1405.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1109.nasl - Type: ACT_GATHER_INFO |
| 2018-11-16 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-3092.nasl - Type: ACT_GATHER_INFO |
| 2018-10-09 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201810-03.nasl - Type: ACT_GATHER_INFO |
| 2018-09-27 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-1075.nasl - Type: ACT_GATHER_INFO |
| 2018-09-14 | Name: The remote Fedora host is missing a security update. File: fedora_2018-f56ded11c4.nasl - Type: ACT_GATHER_INFO |
| 2018-09-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1075.nasl - Type: ACT_GATHER_INFO |
| 2018-08-28 | Name: The remote Debian host is missing a security update. File: debian_DLA-1476.nasl - Type: ACT_GATHER_INFO |
| 2018-08-23 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4280.nasl - Type: ACT_GATHER_INFO |
| 2018-08-22 | Name: The remote Debian host is missing a security update. File: debian_DLA-1474.nasl - Type: ACT_GATHER_INFO |
| 2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0111.nasl - Type: ACT_GATHER_INFO |
| 2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0167.nasl - Type: ACT_GATHER_INFO |
| 2018-07-24 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-2_0-0020.nasl - Type: ACT_GATHER_INFO |
| 2018-05-29 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201805-12.nasl - Type: ACT_GATHER_INFO |
| 2018-05-11 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-1009.nasl - Type: ACT_GATHER_INFO |
| 2018-05-11 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1009.nasl - Type: ACT_GATHER_INFO |
| 2018-04-18 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-992.nasl - Type: ACT_GATHER_INFO |
| 2018-04-04 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201804-02.nasl - Type: ACT_GATHER_INFO |
| 2018-03-09 | Name: The remote NTP server is affected by multiple vulnerabilities. File: ntp_4_2_8p11.nasl - Type: ACT_GATHER_INFO |
