Vulnerabilities > Netapp > Oncommand Insight

DATE CVE VULNERABILITY TITLE RISK
2021-10-20 CVE-2021-35577 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
network
low complexity
netapp oracle fedoraproject
4.9
4.9
2021-10-20 CVE-2021-35578 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).
network
low complexity
oracle netapp debian fedoraproject
5.3
5.3
2021-10-20 CVE-2021-35583 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows).
network
low complexity
oracle netapp
5.0
5.0
2021-10-20 CVE-2021-35584 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: ndbcluster/plugin DDL).
network
low complexity
oracle netapp
4.0
4.0
2021-10-20 CVE-2021-35586 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO).
network
low complexity
oracle netapp fedoraproject debian
5.3
5.3
2021-10-20 CVE-2021-35588 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).
network
high complexity
oracle netapp fedoraproject debian
3.1
3.1
2021-10-19 CVE-2021-37136 Resource Exhaustion vulnerability in multiple products
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression).
network
low complexity
netty quarkus oracle netapp debian CWE-400
7.5
7.5
2021-10-19 CVE-2021-37137 Resource Exhaustion vulnerability in multiple products
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage.
network
low complexity
netty oracle quarkus netapp debian CWE-400
7.5
7.5
2021-10-15 CVE-2020-4951 Information Exposure vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.
local
low complexity
ibm netapp CWE-200
2.1
2.1
2021-10-15 CVE-2021-29679 Code Injection vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive.
network
low complexity
ibm netapp CWE-94
6.5
6.5