This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Netapp First view 2007-05-21
Product Steelstore Cloud Integrated Storage Last view 2020-10-21
Version - Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:netapp:steelstore_cloud_integrated_storage

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
3.7 2020-10-21 CVE-2020-14782

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

9.8 2020-09-10 CVE-2020-8758

Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access.

3.7 2020-07-30 CVE-2020-16166

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.

7.8 2020-07-24 CVE-2020-15778

** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

5.9 2020-06-29 CVE-2020-14145

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).

8.1 2020-06-16 CVE-2020-14195

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).

8.1 2020-06-14 CVE-2020-14062

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).

8.1 2020-06-14 CVE-2020-14061

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).

8.1 2020-06-14 CVE-2020-14060

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).

4.4 2020-06-12 CVE-2020-10732

A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.

7.7 2020-06-04 CVE-2020-13692

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

7 2020-04-30 CVE-2020-1752

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.

7.5 2020-04-21 CVE-2020-1967

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

8.1 2020-04-07 CVE-2020-11620

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).

8.1 2020-04-07 CVE-2020-11619

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).

8.8 2020-03-31 CVE-2020-11113

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

8.8 2020-03-31 CVE-2020-11112

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

8.8 2020-03-31 CVE-2020-11111

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).

8.8 2020-03-26 CVE-2020-10969

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.

8.8 2020-03-26 CVE-2020-10968

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).

8.8 2020-03-18 CVE-2020-10673

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).

8.8 2020-03-18 CVE-2020-10672

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).

9.8 2020-03-02 CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.

9.8 2020-02-10 CVE-2020-8840

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.

7.5 2020-01-21 CVE-2020-7595

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

CWE : Common Weakness Enumeration

%idName
45% (20) CWE-502 Deserialization of Untrusted Data
9% (4) CWE-200 Information Exposure
6% (3) CWE-787 Out-of-bounds Write
6% (3) CWE-416 Use After Free
2% (1) CWE-772 Missing Release of Resource after Effective Lifetime
2% (1) CWE-674 Uncontrolled Recursion
2% (1) CWE-617 Reachable Assertion
2% (1) CWE-611 Information Leak Through XML External Entity File Disclosure
2% (1) CWE-476 NULL Pointer Dereference
2% (1) CWE-369 Divide By Zero
2% (1) CWE-362 Race Condition
2% (1) CWE-203 Information Exposure Through Discrepancy
2% (1) CWE-190 Integer Overflow or Wraparound
2% (1) CWE-125 Out-of-bounds Read
2% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
2% (1) CWE-20 Improper Input Validation
2% (1) CWE-19 Data Handling

Open Source Vulnerability Database (OSVDB)

id Description
34601 OPIE w/ OpenSSH Account Enumeration

Snort® IPS/IDS

Date Description
2020-10-13 Intel AMT HTTP negative content-length attempt
RuleID : 55210 - Type : SERVER-OTHER - Revision : 1
2020-10-13 Intel AMT HTTP negative content-length attempt
RuleID : 55209 - Type : SERVER-OTHER - Revision : 1
2020-10-13 Intel AMT HTTP invalid chunk size attempt
RuleID : 55208 - Type : SERVER-OTHER - Revision : 1
2020-10-13 Intel AMT HTTP invalid chunk size attempt
RuleID : 55207 - Type : SERVER-OTHER - Revision : 1
2019-12-05 ISC BIND DHCP client DNAME resource record parsing denial of service attempt
RuleID : 52078 - Type : SERVER-OTHER - Revision : 1
2018-05-22 Multiple Vendors NTP zero-origin timestamp denial of service attempt
RuleID : 46387 - Type : SERVER-OTHER - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-f6ff819834.nasl - Type: ACT_GATHER_INFO
2019-01-08 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2019-1008.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-065a7722ee.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1411.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1413.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1431.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1405.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1109.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3092.nasl - Type: ACT_GATHER_INFO
2018-10-09 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201810-03.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1075.nasl - Type: ACT_GATHER_INFO
2018-09-14 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f56ded11c4.nasl - Type: ACT_GATHER_INFO
2018-09-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1075.nasl - Type: ACT_GATHER_INFO
2018-08-28 Name: The remote Debian host is missing a security update.
File: debian_DLA-1476.nasl - Type: ACT_GATHER_INFO
2018-08-23 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4280.nasl - Type: ACT_GATHER_INFO
2018-08-22 Name: The remote Debian host is missing a security update.
File: debian_DLA-1474.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0111.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0167.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0020.nasl - Type: ACT_GATHER_INFO
2018-05-29 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201805-12.nasl - Type: ACT_GATHER_INFO
2018-05-11 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1009.nasl - Type: ACT_GATHER_INFO
2018-05-11 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1009.nasl - Type: ACT_GATHER_INFO
2018-04-18 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-992.nasl - Type: ACT_GATHER_INFO
2018-04-04 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201804-02.nasl - Type: ACT_GATHER_INFO
2018-03-09 Name: The remote NTP server is affected by multiple vulnerabilities.
File: ntp_4_2_8p11.nasl - Type: ACT_GATHER_INFO