Vulnerabilities > Netapp > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-14 | CVE-2021-4044 | Infinite Loop vulnerability in multiple products Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. | 7.5 |
2021-12-13 | CVE-2021-43818 | Injection vulnerability in multiple products lxml is a library for processing XML and HTML in the Python language. | 7.1 |
2021-12-09 | CVE-2021-29678 | Incorrect Authorization vulnerability in multiple products IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. | 8.7 |
2021-12-09 | CVE-2021-39002 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2021-12-08 | CVE-2018-25020 | Classic Buffer Overflow vulnerability in multiple products The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. | 7.8 |
2021-12-03 | CVE-2021-20470 | Weak Password Requirements vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
2021-12-03 | CVE-2021-29756 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2021-11-15 | CVE-2021-43618 | Integer Overflow or Wraparound vulnerability in multiple products GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. | 7.5 |
2021-11-02 | CVE-2017-5123 | Improper Input Validation vulnerability in multiple products Insufficient data validation in waitid allowed an user to escape sandboxes on Linux. | 8.8 |
2021-11-01 | CVE-2021-27005 | Unspecified vulnerability in Netapp Ontap System Manager 9.7/9.8/9.9.12 Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server. | 7.5 |