2021-07-13 | CVE-2021-36090 | When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. | 7.5 |
2021-06-30 | CVE-2021-20461 | Exposure of Resource to Wrong Sphere vulnerability in multiple products IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. | 6.5 |
2021-06-11 | CVE-2021-22901 | Use After Free vulnerability in multiple products curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. | 8.1 |
2021-06-10 | CVE-2021-20293 | A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. | 6.1 |
2021-06-02 | CVE-2021-3522 | Out-of-bounds Read vulnerability in multiple products GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. | 5.5 |
2021-06-02 | CVE-2020-10771 | A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. | 7.1 |
2021-06-02 | CVE-2020-14326 | A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. | 7.5 |
2021-06-01 | CVE-2019-4471 | Missing Encryption of Sensitive Data vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. | 6.5 |
2021-06-01 | CVE-2019-4653 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. | 5.4 |
2021-06-01 | CVE-2019-4722 | Improper Handling of Exceptional Conditions vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. | 4.3 |