Oncommand Insight

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-19	CVE-2021-20190	A flaw was found in jackson-databind before 2.9.10.7. network high complexity fasterxml netapp apache debian oracle	8.1
2020-12-08	CVE-2020-1971	NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. network high complexity openssl debian fedoraproject oracle netapp tenable siemens nodejs CWE-476	5.9
2020-11-06	CVE-2020-28196	Uncontrolled Recursion vulnerability in multiple products MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. network low complexity mit fedoraproject netapp oracle CWE-674	7.5
2020-11-02	CVE-2020-25689	A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. network low complexity redhat netapp	6.5
2020-10-06	CVE-2020-25644	Memory Leak vulnerability in multiple products A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. network low complexity redhat netapp CWE-401	7.5
2020-09-23	CVE-2020-10714	A flaw was found in WildFly Elytron version 1.11.3.Final and before. network high complexity redhat netapp	7.5
2020-09-19	CVE-2020-5421	In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. network high complexity vmware oracle netapp	6.5
2020-09-01	CVE-2020-13946	Exposure of Resource to Wrong Sphere vulnerability in multiple products In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. network high complexity apache netapp CWE-668	5.9
2020-07-24	CVE-2020-8174	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. network high complexity nodejs oracle netapp CWE-191	8.1
2020-07-15	CVE-2020-14702	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). network low complexity netapp canonical oracle	4.9