RSS   Vulnerabilities for
'Steelstore cloud integrated storage'
   RSS

2020-09-10
 
CVE-2020-8758

CWE-119
 

 
Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access.

 
2019-02-27
 
CVE-2019-1559

CWE-200
 

 
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

 
2019-02-25
 
CVE-2019-9169

CWE-125
 

 
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

 
 
CVE-2018-20796

CWE-674
 

 
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

 
 
CVE-2009-5155

CWE-19
 

 
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.

 
2019-01-10
 
CVE-2018-20685

CWE-706
 

 
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

 
2018-08-17
 
CVE-2018-15473

CWE-200
 

 
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

 
2018-03-06
 
CVE-2018-7184

CWE-20
 

 
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.

 
2018-02-01
 
CVE-2018-6485

CWE-190
 

 
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

 

 >>> Vendor: Netapp 93 Products
Data ontap
Cloud manager
Oncommand balance
Oncommand workflow automation
Clustered data ontap
Oncommand system manager
Netapp plug-in
Snap creator framework
Metrocluster tiebreaker
Oncommand insight
Snapdrive
Virtual storage console for vmware vsphere
Snapcenter server
Oncommand unified manager for clustered data ontap
Ontap select administration utility
Oncommand unified manager core package
Altavault
Oncommand api
Storagegrid webscale
Host agent
Vasa provider
Service level manager
Trident
Cloud backup
Hyper converged infrastructure
Solidfire element os
Oncommand unified manager
Santricity smi-s provider
Steelstore
Cn1610 firmware
Data ontap edge
Element software management node
Solidfire element os management node
Element software
Santricity cloud connector
Active iq
E-series santricity os controller
Snapcenter
Snapdriver
Ontap select deploy
Steelstore cloud integrated storage
Storage automation store
Snapmanager
Ontap select deploy utility
Storagegrid
Active iq performance analytics services
Ontap select deploy administration utility
Element software management
Fas/aff baseboard management controller
E-series santricity management plug-ins
E-series santricity web services proxy
Service processor
Aff baseboard management controller
Fas baseboard management controller
Storagegrid webscale nas bridge
Cloud insights
Oncommand api services
E-series santricity management
E-series santricity storage manager
E-series santricity web services
Brocade network advisor
Virtual storage console
Hyper converged infrastructure compute node
Clustered data ontap antivirus connector
Smi-s provider
Hci storage nodes
Data ontap operating in 7-mode
Oncommand unified manger
Baseboard management controller firmware
E-series santricity unified manager
Oncommand cloud manager
Active iq unified manager
Element healthtools
Element os
HCI
Element
Hci management node
Solidfire
Hci storage node
Element plug-in for vcenter server
Management services for element software and netapp hci
Solidfire \& hci management node
Brocade fabric os
Manageability software development kit
Storage encryption
Santricity unified manager
Ontap system manager
Brocade san navigator
Cloud insights acquisition unit
Cloud secure agent
Ontap tools
Fas\/aff bios
Cloud volumes ontap mediator


Copyright 2024, cxsecurity.com

 

Back to Top