High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-29	CVE-2021-25742	A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. network low complexity kubernetes netapp	7.1
2021-10-28	CVE-2021-43057	Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel before 5.14.8. local low complexity linux netapp CWE-416	7.8
2021-10-25	CVE-2021-21703	Out-of-bounds Write vulnerability in multiple products In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user. local high complexity php debian fedoraproject netapp oracle CWE-787	7.0
2021-10-20	CVE-2021-35610	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). network low complexity oracle netapp fedoraproject	7.1
2021-10-20	CVE-2021-35560	Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). network high complexity oracle netapp	7.5
2021-10-20	CVE-2021-35583	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows). network low complexity oracle netapp	7.5
2021-10-19	CVE-2021-37136	Resource Exhaustion vulnerability in multiple products The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). network low complexity netty quarkus oracle netapp debian CWE-400	7.5
2021-10-19	CVE-2021-37137	Resource Exhaustion vulnerability in multiple products The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. network low complexity netty oracle quarkus netapp debian CWE-400	7.5
2021-10-15	CVE-2021-29679	Code Injection vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. network low complexity ibm netapp CWE-94	8.8
2021-10-15	CVE-2021-29745	IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. network low complexity ibm netapp	8.8