Vulnerabilities > Netapp > Oncommand Insight > High

DATE CVE VULNERABILITY TITLE RISK
2021-07-13 CVE-2021-36090 When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.
network
low complexity
apache oracle netapp
7.5
2021-06-11 CVE-2021-22901 Use After Free vulnerability in multiple products
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection.
network
high complexity
haxx oracle netapp siemens splunk CWE-416
8.1
2021-06-02 CVE-2020-10771 A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests.
network
low complexity
infinispan redhat netapp
7.1
2021-06-02 CVE-2020-14326 A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes.
network
low complexity
redhat netapp
7.5
2021-06-01 CVE-2019-4723 Insufficiently Protected Credentials vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page.
network
low complexity
ibm netapp CWE-522
7.5
2021-06-01 CVE-2019-4724 Insufficiently Protected Credentials vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page.
network
low complexity
ibm netapp CWE-522
7.5
2021-06-01 CVE-2019-4730 XXE vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm netapp CWE-611
7.1
2021-06-01 CVE-2020-4300 XXE vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm netapp CWE-611
8.2
2021-06-01 CVE-2020-4520 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code.
network
low complexity
ibm netapp CWE-79
8.8
2021-05-19 CVE-2021-3517 There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11.
network
low complexity
xmlsoft redhat fedoraproject debian netapp oracle
8.6