Steelstore_cloud_integrated_storage - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Steelstore_cloud_integrated_storage
(Netapp)

Repositories	• https://github.com/FasterXML/jackson-databind • https://github.com/openbsd/src • https://github.com/madler/zlib • https://github.com/openssh/openssh-portable
#Vulnerabilities	210

Date	Id	Summary	Products	Score	Patch	Annotated
2020-07-24	CVE-2020-15778	scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."	Fabric_operating_system, A700s_firmware, Active_iq_unified_manager, Hci_compute_node, Hci_management_node, Hci_storage_node, Solidfire, Steelstore_cloud_integrated_storage, Openssh	7.8
2020-06-15	CVE-2020-14155	libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.	Macos, Gitlab, Active_iq_unified_manager, Cloud_backup, Clustered_data_ontap, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Ontap_select_deploy_administration_utility, Steelstore_cloud_integrated_storage, Communications_cloud_native_core_policy, Pcre, Universal_forwarder	5.3
2020-05-05	CVE-2020-12659	An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.	Linux_kernel, Active_iq_unified_manager, Aff_baseboard_management_controller, Cloud_backup, Hci_baseboard_management_controller, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller, Steelstore_cloud_integrated_storage	6.7
2020-06-09	CVE-2020-10757	A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.	Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Cloud_backup, Steelstore_cloud_integrated_storage, Leap, Enterprise_linux, Enterprise_mrg	7.8
2019-09-17	CVE-2019-14835	A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.	Ubuntu_linux, Debian_linux, Fedora, Imanager_neteco, Imanager_neteco_6000, Manageone, Linux_kernel, Aff_a700s_firmware, Data_availability_services, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Service_processor, Solidfire, Steelstore_cloud_integrated_storage, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform, Virtualization, Virtualization_host	7.8
2020-01-21	CVE-2019-20388	xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.	Debian_linux, Fedora, Cloud_backup, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Ontap_select_deploy_administration_utility, Plug\-In_for_symantec_netbackup, Smi\-S_provider, Snapdrive, Steelstore_cloud_integrated_storage, Leap, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Mysql_workbench, Peoplesoft_enterprise_peopletools, Real_user_experience_insight, Libxml2	7.5
2020-04-08	CVE-2019-20636	In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.	Linux_kernel, Cloud_backup, Fas_8300, Fas_8700, Fas_a400, Fas_baseboard_management_controller_a220, Fas_baseboard_management_controller_a320, Fas_baseboard_management_controller_a800, Fas_baseboard_management_controller_c190, H300s, H410s, H500s, H610c, H610s, H615c, H700s, Solidfire, Steelstore_cloud_integrated_storage	6.7
2020-04-10	CVE-2020-8832	The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.	Ubuntu_linux, Aff_8300_firmware, Aff_8700_firmware, Aff_a220_firmware, Aff_a320_firmware, Aff_a400_firmware, Aff_a700s_firmware, Aff_c190_firmware, Cloud_backup, Fas2720_firmware, Fas2750_firmware, Fas8300_firmware, Fas8700_firmware, Fas_baseboard_management_controller_a220_firmware, Fas_baseboard_management_controller_a320_firmware, Fas_baseboard_management_controller_a400_firmware, Fas_baseboard_management_controller_a800_firmware, Fas_baseboard_management_controller_c190_firmware, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700e_firmware, H700s_firmware, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage	5.5
2017-05-23	CVE-2016-9841	inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.	Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_storage_node, Oncommand_balance, Oncommand_insight, Oncommand_performance_manager, Oncommand_shift, Oncommand_unified_manager, Oncommand_workflow_automation, Snapmanager, Solidfire, Steelstore_cloud_integrated_storage, Storage_replication_adapter_for_clustered_data_ontap, Symantec_netbackup, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Node\.js, Leap, Opensuse, Database_server, Jdk, Jre, Mysql, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite, Zlib	9.8
2019-01-02	CVE-2018-14719	FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.	Debian_linux, Jackson\-Databind, Oncommand_workflow_automation, Snapcenter, Steelstore_cloud_integrated_storage, Banking_platform, Business_process_management_suite, Clusterware, Communications_billing_and_revenue_management, Database_server, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatch, Jdeveloper, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_merchandising_system, Retail_workforce_management_software, Webcenter_portal, Openshift_container_platform	9.8