Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-22 CVE-2021-38904 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings.
network
low complexity
ibm netapp
6.5
6.5
2022-04-22 CVE-2021-38905 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to.
network
low complexity
ibm netapp
4.3
4.3
2022-04-22 CVE-2021-38946 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
5.4
5.4
2022-04-19 CVE-2022-21496 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI).
network
low complexity
oracle netapp debian azul
5.3
5.3
2022-04-14 CVE-2022-22968 Improper Handling of Case Sensitivity vulnerability in multiple products
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
network
low complexity
vmware netapp oracle CWE-178
5.3
5.3
2022-04-03 CVE-2022-28388 Double Free vulnerability in multiple products
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
local
low complexity
linux debian fedoraproject netapp CWE-415
5.5
5.5
2022-04-03 CVE-2022-28389 Double Free vulnerability in multiple products
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
local
low complexity
linux fedoraproject debian netapp CWE-415
5.5
5.5
2022-04-03 CVE-2022-1210 Improper Resource Shutdown or Release vulnerability in multiple products
A vulnerability classified as problematic was found in LibTIFF 4.3.0.
network
low complexity
libtiff netapp CWE-404
6.5
6.5
2022-03-28 CVE-2022-1056 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file.
local
low complexity
libtiff netapp CWE-125
5.5
5.5
2022-03-25 CVE-2021-4147 Improper Locking vulnerability in multiple products
A flaw was found in the libvirt libxl driver.
local
low complexity
redhat fedoraproject netapp CWE-667
6.5
6.5