Vulnerabilities > Netapp > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-19 | CVE-2020-25097 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. | 8.6 |
2021-03-17 | CVE-2021-28660 | Out-of-bounds Write vulnerability in multiple products rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. | 8.8 |
2021-03-15 | CVE-2021-26987 | Element Plug-in for vCenter Server incorporates SpringBoot Framework. | 7.5 |
2021-03-15 | CVE-2021-28375 | Missing Authorization vulnerability in multiple products An issue was discovered in the Linux kernel through 5.11.6. | 7.8 |
2021-03-11 | CVE-2020-5025 | Classic Buffer Overflow vulnerability in multiple products IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. | 7.2 |
2021-03-09 | CVE-2020-35524 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. | 7.8 |
2021-03-09 | CVE-2020-35523 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. | 7.8 |
2021-03-05 | CVE-2021-28041 | Double Free vulnerability in multiple products ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. | 7.1 |
2021-03-03 | CVE-2021-22884 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. | 7.5 |
2021-03-03 | CVE-2021-22883 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. | 7.5 |