Vulnerabilities > Netapp > Oncommand Insight > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-19 CVE-2021-21267 Resource Exhaustion vulnerability in multiple products
Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector).
network
low complexity
schema-inspector-project netapp CWE-400
5.0
5.0
2021-03-11 CVE-2020-5024 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response.
network
low complexity
ibm netapp
5.0
5.0
2021-02-19 CVE-2021-26296 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens.
network
high complexity
apache netapp CWE-352
5.1
5.1
2021-02-16 CVE-2021-23841 NULL Pointer Dereference vulnerability in multiple products
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. 		5.9
5.9
2021-01-20 CVE-2021-2122 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).
network
low complexity
oracle netapp
6.8
6.8
2021-01-20 CVE-2021-2088 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).
local
low complexity
oracle netapp
4.9
4.9
2021-01-20 CVE-2021-2087 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).
local
low complexity
oracle netapp
4.9
4.9
2021-01-20 CVE-2021-2081 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure).
network
low complexity
oracle netapp
6.8
6.8
2021-01-20 CVE-2021-2076 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
network
low complexity
oracle netapp
6.8
6.8
2021-01-20 CVE-2021-2072 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure).
network
low complexity
oracle netapp
6.8
6.8