Oncommand Insight

DATE	CVE	VULNERABILITY TITLE	RISK
2021-04-22	CVE-2021-2144	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). network low complexity oracle netapp mariadb	6.5
2021-03-26	CVE-2021-20289	Information Exposure Through an Error Message vulnerability in multiple products A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. network low complexity redhat netapp quarkus oracle CWE-209	5.0
2021-03-25	CVE-2021-3449	NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. network high complexity openssl debian freebsd netapp tenable fedoraproject mcafee checkpoint oracle sonicwall siemens nodejs CWE-476	5.9
2021-03-19	CVE-2021-21267	Resource Exhaustion vulnerability in multiple products Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). network low complexity schema-inspector-project netapp CWE-400	5.0
2021-03-11	CVE-2020-5025	Classic Buffer Overflow vulnerability in multiple products IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. local low complexity ibm netapp CWE-120	7.2
2021-03-11	CVE-2020-5024	IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. network low complexity ibm netapp	5.0
2021-03-11	CVE-2020-4976	Incorrect Default Permissions vulnerability in multiple products IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. local low complexity ibm netapp CWE-276	3.6
2021-03-03	CVE-2021-22884	Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. network high complexity nodejs fedoraproject netapp oracle siemens	7.5
2021-02-19	CVE-2021-26296	Cross-Site Request Forgery (CSRF) vulnerability in multiple products In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. network high complexity apache netapp CWE-352	5.1
2021-02-16	CVE-2021-23841	NULL Pointer Dereference vulnerability in multiple products The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. network high complexity openssl debian tenable apple netapp oracle siemens CWE-476	5.9