Vulnerabilities > Netapp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-19 | CVE-2021-37137 | Resource Exhaustion vulnerability in multiple products The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. | 7.5 |
2021-10-19 | CVE-2021-27001 | Unspecified vulnerability in Netapp Clustered Data Ontap Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period. | 5.5 |
2021-10-15 | CVE-2020-4951 | Information Exposure vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information. | 3.3 |
2021-10-15 | CVE-2021-29679 | Code Injection vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. | 8.8 |
2021-10-15 | CVE-2021-29745 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. | 8.8 |
2021-10-14 | CVE-2021-42340 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. | 7.5 |
2021-10-12 | CVE-2021-27003 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Netapp Clustered Data Ontap Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack. | 4.7 |
2021-10-12 | CVE-2021-3671 | NULL Pointer Dereference vulnerability in multiple products A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). | 6.5 |
2021-10-11 | CVE-2021-42252 | An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. | 7.8 |
2021-10-11 | CVE-2021-27002 | Unspecified vulnerability in Netapp Cloud Manager NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy. | 7.5 |