Vulnerabilities > Netapp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-20 | CVE-2021-35594 | Improper Validation of Array Index vulnerability in multiple products Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). | 6.3 |
| 2021-10-20 | CVE-2021-35598 | Improper Validation of Array Index vulnerability in multiple products Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). | 6.3 |
| 2021-10-20 | CVE-2021-35604 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 5.5 |
| 2021-10-20 | CVE-2021-35612 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 5.5 |
| 2021-10-20 | CVE-2021-35584 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: ndbcluster/plugin DDL). | 4.3 |
| 2021-10-19 | CVE-2021-27001 | Unspecified vulnerability in Netapp Clustered Data Ontap Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period. | 5.5 |
| 2021-10-12 | CVE-2021-27003 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Netapp Clustered Data Ontap Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack. | 4.7 |
| 2021-10-12 | CVE-2021-3671 | NULL Pointer Dereference vulnerability in multiple products A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). | 6.5 |
| 2021-10-04 | CVE-2021-32672 | Out-of-bounds Read vulnerability in multiple products Redis is an open source, in-memory database that persists on disk. | 4.3 |
| 2021-10-04 | CVE-2021-21704 | Out-of-bounds Write vulnerability in multiple products In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. | 5.9 |