Vulnerabilities > Netapp > Oncommand Insight

DATE CVE VULNERABILITY TITLE RISK
2021-07-13 CVE-2021-36090 When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.
network
low complexity
apache oracle netapp
7.5
2021-06-30 CVE-2021-20461 Exposure of Resource to Wrong Sphere vulnerability in multiple products
IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting.
network
low complexity
ibm netapp CWE-668
6.5
2021-06-11 CVE-2021-22901 Use After Free vulnerability in multiple products
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection.
network
high complexity
haxx oracle netapp siemens splunk CWE-416
8.1
2021-06-10 CVE-2021-20293 A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType.
network
low complexity
redhat netapp
6.1
2021-06-02 CVE-2021-3522 Out-of-bounds Read vulnerability in multiple products
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
local
low complexity
gstreamer-project netapp oracle CWE-125
5.5
2021-06-02 CVE-2020-10771 A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests.
network
low complexity
infinispan redhat netapp
7.1
2021-06-02 CVE-2020-14326 A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes.
network
low complexity
redhat netapp
7.5
2021-06-01 CVE-2019-4471 Missing Encryption of Sensitive Data vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session.
network
low complexity
ibm netapp CWE-311
6.5
2021-06-01 CVE-2019-4653 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
5.4
2021-06-01 CVE-2019-4722 Improper Handling of Exceptional Conditions vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions.
network
low complexity
ibm netapp CWE-755
4.3