Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-31	CVE-2021-3634	Out-of-bounds Write vulnerability in multiple products A flaw has been found in libssh in versions prior to 0.9.6. network low complexity libssh redhat debian fedoraproject oracle netapp CWE-787	6.5
2021-08-23	CVE-2021-39140	XStream is a simple library to serialize objects to XML and back again. network high complexity xstream-project debian fedoraproject netapp oracle	6.3
2021-08-16	CVE-2021-22939	Improper Certificate Validation vulnerability in multiple products If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. network low complexity nodejs oracle netapp siemens debian CWE-295	5.3
2021-08-08	CVE-2021-38199	fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. low complexity linux netapp debian	6.5
2021-08-08	CVE-2021-38203	Improper Locking vulnerability in multiple products btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info. local low complexity linux netapp CWE-667	5.5
2021-08-06	CVE-2021-26998	Information Exposure Through Log Files vulnerability in Netapp Cloud Manager NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. network low complexity netapp CWE-532	4.3
2021-08-06	CVE-2021-26999	Information Exposure Through Log Files vulnerability in Netapp Cloud Manager NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. network low complexity netapp CWE-532	4.3
2021-08-05	CVE-2021-22922	Improper Handling of Exceptional Conditions vulnerability in multiple products When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. network low complexity haxx fedoraproject netapp oracle siemens splunk CWE-755	6.5
2021-08-05	CVE-2021-22923	Insufficiently Protected Credentials vulnerability in multiple products When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. network high complexity haxx fedoraproject netapp oracle siemens splunk CWE-522	5.3
2021-08-05	CVE-2021-22925	Use of Uninitialized Resource vulnerability in multiple products curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. network low complexity haxx fedoraproject netapp apple oracle siemens splunk CWE-908	5.3