HCI Management Node

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-20	CVE-2021-35565	Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). network low complexity oracle netapp fedoraproject debian	5.3
2021-10-20	CVE-2021-35567	Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). network low complexity oracle netapp debian fedoraproject	6.8
2021-10-20	CVE-2021-35578	Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). network low complexity oracle netapp debian fedoraproject	5.3
2021-10-20	CVE-2021-35586	Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). network low complexity oracle netapp fedoraproject debian	5.3
2021-10-20	CVE-2021-35588	Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). network high complexity oracle netapp fedoraproject debian	3.1
2021-10-02	CVE-2021-41864	Integer Overflow or Wraparound vulnerability in multiple products prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. local low complexity linux fedoraproject netapp debian CWE-190	7.8
2021-09-26	CVE-2021-41617	sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. local high complexity openbsd fedoraproject netapp oracle starwindsoftware	7.0
2021-09-15	CVE-2016-20012	OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. network low complexity openbsd netapp	5.3
2021-08-24	CVE-2021-3711	Classic Buffer Overflow vulnerability in multiple products In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). network low complexity openssl debian netapp oracle tenable CWE-120 critical	9.8
2021-08-24	CVE-2021-3712	Out-of-bounds Read vulnerability in multiple products ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. network high complexity openssl debian netapp mcafee tenable oracle siemens CWE-125	7.4