Vulnerabilities > Netapp > Oncommand Insight > High

DATE CVE VULNERABILITY TITLE RISK
2021-03-19 CVE-2021-21267 Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector).
network
low complexity
schema-inspector-project netapp
7.5
2021-03-11 CVE-2020-5025 Classic Buffer Overflow vulnerability in multiple products
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.
local
low complexity
ibm netapp CWE-120
7.8
2021-03-11 CVE-2020-5024 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response.
network
low complexity
ibm netapp
7.5
2021-03-03 CVE-2021-22884 Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”.
network
high complexity
nodejs fedoraproject netapp oracle siemens
7.5
2021-02-19 CVE-2021-26296 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens.
network
high complexity
apache netapp CWE-352
7.5
2021-01-19 CVE-2021-20190 A flaw was found in jackson-databind before 2.9.10.7.
network
high complexity
fasterxml netapp apache debian oracle
8.1
2020-11-06 CVE-2020-28196 Uncontrolled Recursion vulnerability in multiple products
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
network
low complexity
mit fedoraproject netapp oracle CWE-674
7.5
2020-10-06 CVE-2020-25644 Memory Leak vulnerability in multiple products
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session.
network
low complexity
redhat netapp CWE-401
7.5
2020-09-23 CVE-2020-10714 A flaw was found in WildFly Elytron version 1.11.3.Final and before.
network
high complexity
redhat netapp
7.5
2020-07-24 CVE-2020-8174 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
network
high complexity
nodejs oracle netapp CWE-191
8.1