Vulnerabilities > Netapp > Oncommand Insight > High

DATE CVE VULNERABILITY TITLE RISK
2021-05-19 CVE-2021-3517 There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11.
network
low complexity
xmlsoft redhat fedoraproject debian netapp oracle
8.6
8.6
2021-03-23 CVE-2021-21349 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again. 		8.6
8.6
2021-03-23 CVE-2021-21348 Resource Exhaustion vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again. 		7.5
7.5
2021-03-23 CVE-2021-21343 External Control of File Name or Path vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again. 		7.5
7.5
2021-03-23 CVE-2021-21341 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again. 		7.5
7.5
2021-03-19 CVE-2021-21267 Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector).
network
low complexity
schema-inspector-project netapp
7.5
7.5
2021-03-11 CVE-2020-5025 Classic Buffer Overflow vulnerability in multiple products
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.
local
low complexity
ibm netapp CWE-120
7.8
7.8
2021-03-11 CVE-2020-5024 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response.
network
low complexity
ibm netapp
7.5
7.5
2021-03-03 CVE-2021-22884 Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”.
network
high complexity
nodejs fedoraproject netapp oracle siemens
7.5
7.5
2021-02-19 CVE-2021-26296 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens.
network
high complexity
apache netapp CWE-352
7.5
7.5