Oncommand Insight

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-16	CVE-2019-2914	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). network low complexity oracle canonical fedoraproject netapp	6.5
2019-10-16	CVE-2019-2911	Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). network low complexity oracle canonical fedoraproject netapp	2.7
2019-10-16	CVE-2019-2910	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). network high complexity oracle canonical netapp	3.7
2019-09-17	CVE-2019-4342	Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. network low complexity ibm netapp CWE-79	5.4
2019-09-17	CVE-2019-4183	Resource Exhaustion vulnerability in multiple products IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. network low complexity ibm netapp CWE-400	7.5
2019-09-16	CVE-2019-5482	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. network low complexity haxx fedoraproject opensuse netapp oracle debian CWE-787 critical	9.8
2019-09-09	CVE-2019-16168	Divide By Zero vulnerability in multiple products In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." network low complexity sqlite netapp canonical fedoraproject debian tenable oracle mcafee CWE-369	6.5
2019-08-09	CVE-2019-5498	Unspecified vulnerability in Netapp Oncommand Insight OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user. network low complexity netapp	6.5
2019-07-02	CVE-2019-5443	Uncontrolled Search Path Element vulnerability in multiple products A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. local low complexity haxx oracle netapp CWE-427	7.8
2019-07-01	CVE-2019-13118	Type Confusion vulnerability in multiple products In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. network low complexity xmlsoft opensuse netapp oracle fedoraproject canonical apple CWE-843	5.3