HCI Management Node

DATE	CVE	VULNERABILITY TITLE	RISK
2021-07-20	CVE-2021-33909	Integer Overflow or Wraparound vulnerability in multiple products fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. local low complexity linux fedoraproject debian netapp oracle sonicwall CWE-190	7.8
2021-07-20	CVE-2021-33910	Allocation of Resources Without Limits or Throttling vulnerability in multiple products basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. local low complexity systemd-project fedoraproject debian netapp CWE-770	5.5
2021-07-15	CVE-2021-34429	For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. network low complexity eclipse netapp oracle	5.3
2021-07-07	CVE-2021-22555	Out-of-bounds Write vulnerability in multiple products A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. local low complexity linux brocade netapp CWE-787	4.6
2021-06-02	CVE-2021-3522	Out-of-bounds Read vulnerability in multiple products GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. local low complexity gstreamer-project netapp oracle CWE-125	5.5
2021-05-19	CVE-2021-3517	Out-of-bounds Write vulnerability in multiple products There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. network low complexity xmlsoft redhat fedoraproject debian netapp oracle CWE-787	8.6
2021-04-22	CVE-2021-2163	Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). network high complexity oracle debian fedoraproject netapp	5.3
2021-04-22	CVE-2021-2161	Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). network high complexity oracle debian fedoraproject netapp mcafee	5.9
2021-04-08	CVE-2021-29154	Command Injection vulnerability in multiple products BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. local low complexity linux fedoraproject debian netapp CWE-77	7.8
2021-04-01	CVE-2021-22890	Authentication Bypass by Spoofing vulnerability in multiple products curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. network high complexity haxx fedoraproject netapp broadcom debian siemens oracle splunk CWE-290	3.7