Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-03	CVE-2021-29719	IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. network low complexity ibm netapp	5.3
2021-12-03	CVE-2021-29756	Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. network ibm netapp CWE-352	6.8
2021-12-03	CVE-2021-29867	IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. network low complexity ibm netapp	5.5
2021-11-29	CVE-2021-21707	In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. network low complexity php netapp debian tenable	5.3
2021-11-17	CVE-2021-43975	Out-of-bounds Write vulnerability in multiple products In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. local low complexity linux fedoraproject debian netapp CWE-787	6.7
2021-11-17	CVE-2021-43976	In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). low complexity linux fedoraproject debian netapp oracle	4.6
2021-11-15	CVE-2021-42373	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given local low complexity busybox fedoraproject netapp CWE-476	5.5
2021-11-15	CVE-2021-42374	Out-of-bounds Read vulnerability in multiple products An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. local high complexity busybox fedoraproject netapp CWE-125	5.3
2021-11-15	CVE-2021-42375	An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. local low complexity busybox fedoraproject netapp	5.5
2021-11-15	CVE-2021-42376	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. local low complexity busybox fedoraproject netapp CWE-476	5.5