Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-22 CVE-2021-2154 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).
network
low complexity
oracle mariadb netapp fedoraproject
4.9
2021-04-22 CVE-2021-2146 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options).
network
low complexity
oracle fedoraproject netapp
4.9
2021-04-22 CVE-2021-2144 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser).
network
low complexity
oracle netapp mariadb
6.5
2021-04-13 CVE-2021-29425 Path Traversal vulnerability in multiple products
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
network
high complexity
apache debian oracle netapp CWE-22
4.8
2021-04-01 CVE-2021-22876 Information Exposure vulnerability in multiple products
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header.
5.3
2021-04-01 CVE-2021-28164 In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory.
network
low complexity
eclipse netapp oracle
5.3
2021-03-30 CVE-2021-21409 HTTP Request Smuggling vulnerability in multiple products
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
network
high complexity
netty debian netapp oracle quarkus CWE-444
5.9
2021-03-26 CVE-2021-20289 Information Exposure Through an Error Message vulnerability in multiple products
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final.
network
low complexity
redhat netapp quarkus oracle CWE-209
5.0
2021-03-26 CVE-2021-20284 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly.
local
low complexity
gnu netapp CWE-119
5.5
2021-03-26 CVE-2021-20197 Link Following vulnerability in multiple products
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib.
local
high complexity
gnu redhat netapp broadcom CWE-59
6.3