Vulnerabilities > Netapp > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-01 | CVE-2021-20468 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2022-09-01 | CVE-2021-29823 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2022-09-01 | CVE-2021-39009 | Cleartext Storage of Sensitive Information vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. | 5.5 |
2022-09-01 | CVE-2021-39045 | Insufficiently Protected Credentials vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. | 5.5 |
2022-08-31 | CVE-2022-1354 | A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. | 5.5 |
2022-08-31 | CVE-2022-1355 | A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. | 6.1 |
2022-08-31 | CVE-2022-39046 | Information Exposure Through Log Files vulnerability in multiple products An issue was discovered in the GNU C Library (glibc) 2.36. | 5.3 |
2022-08-29 | CVE-2022-36033 | Cross-site Scripting vulnerability in multiple products jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. | 6.1 |
2022-08-29 | CVE-2022-2953 | Out-of-bounds Read vulnerability in multiple products LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. | 5.5 |
2022-08-25 | CVE-2022-23235 | Unspecified vulnerability in Netapp Active IQ Unified Manager Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled. | 5.3 |