Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product Oncommand Insight
Total 908 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3597 2 Netapp, Redhat 9 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 6 more 2024-11-21 2.6 LOW 5.9 MEDIUM
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.
CVE-2021-3522 3 Gstreamer Project, Netapp, Oracle 12 Gstreamer, Active Iq Unified Manager, E-series Santricity Os Controller and 9 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
CVE-2021-3517 6 Debian, Fedoraproject, Netapp and 3 more 29 Debian Linux, Fedora, Active Iq Unified Manager and 26 more 2024-11-21 7.5 HIGH 8.6 HIGH
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
CVE-2021-3449 12 Checkpoint, Debian, Fedoraproject and 9 more 167 Multi-domain Management, Multi-domain Management Firmware, Quantum Security Gateway and 164 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
CVE-2021-39047 2 Ibm, Netapp 3 Cognos Analytics, Planning Analytics, Oncommand Insight 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349.
CVE-2021-39045 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 N/A 5.5 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.
CVE-2021-39009 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 N/A 5.5 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.
CVE-2021-39002 6 Hp, Ibm, Linux and 3 more 7 Hp-ux, Aix, Db2 and 4 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2021-38946 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240.
CVE-2021-38945 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 7.5 HIGH 9.8 CRITICAL
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.
CVE-2021-38931 6 Hp, Ibm, Linux and 3 more 7 Hp-ux, Aix, Db2 and 4 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.
CVE-2021-38926 6 Hp, Ibm, Linux and 3 more 7 Hp-ux, Aix, Db2 and 4 more 2024-11-21 2.1 LOW 5.5 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321.
CVE-2021-38909 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706.
CVE-2021-38905 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.
CVE-2021-38904 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693.
CVE-2021-38903 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 209691.
CVE-2021-38886 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 6.8 MEDIUM 8.8 HIGH
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.
CVE-2021-37137 5 Debian, Netapp, Netty and 2 more 12 Debian Linux, Oncommand Insight, Netty and 9 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CVE-2021-37136 5 Debian, Netapp, Netty and 2 more 19 Debian Linux, Oncommand Insight, Netty and 16 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
CVE-2021-36222 4 Debian, Mit, Netapp and 1 more 7 Debian Linux, Kerberos 5, Active Iq Unified Manager and 4 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.