HCI Storage Node

DATE	CVE	VULNERABILITY TITLE	RISK
2021-04-22	CVE-2021-2163	Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). network high complexity oracle debian fedoraproject netapp	5.3
2021-04-22	CVE-2021-2161	Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). network high complexity oracle debian fedoraproject netapp mcafee	5.9
2021-04-01	CVE-2021-22890	Authentication Bypass by Spoofing vulnerability in multiple products curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. network high complexity haxx fedoraproject netapp broadcom debian siemens oracle splunk CWE-290	3.7
2021-04-01	CVE-2021-22876	Information Exposure vulnerability in multiple products curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. network low complexity haxx fedoraproject netapp broadcom debian siemens oracle splunk CWE-200	5.3
2021-01-08	CVE-2020-8584	Code Injection vulnerability in Netapp products Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution. network low complexity netapp CWE-94 critical	10.0
2020-12-14	CVE-2020-8284	A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. network high complexity haxx fedoraproject debian netapp apple oracle fujitsu siemens splunk	3.7
2020-12-08	CVE-2020-1971	NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. network high complexity openssl debian fedoraproject oracle netapp tenable siemens nodejs CWE-476	5.9
2020-11-28	CVE-2020-29369	Race Condition vulnerability in multiple products An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. local high complexity linux netapp CWE-362	7.0
2020-10-22	CVE-2019-17006	Insufficient Verification of Data Authenticity vulnerability in multiple products In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. network low complexity siemens mozilla netapp CWE-345 critical	10.0
2020-10-21	CVE-2020-14803	Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). network low complexity oracle netapp debian opensuse	5.0