Vulnerabilities > Netapp > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-01 | CVE-2020-4300 | XXE vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2021-06-01 | CVE-2020-4520 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. | 8.8 |
2021-06-01 | CVE-2021-3516 | Use After Free vulnerability in multiple products There's a flaw in libxml2's xmllint in versions before 2.9.11. | 7.8 |
2021-06-01 | CVE-2021-23017 | A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. | 7.7 |
2021-05-28 | CVE-2021-29505 | XStream is software for serializing Java objects to XML and back again. | 8.8 |
2021-05-28 | CVE-2021-33587 | The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. | 7.5 |
2021-05-28 | CVE-2021-33623 | Resource Exhaustion vulnerability in multiple products The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. | 7.5 |
2021-05-27 | CVE-2021-22118 | Exposure of Resource to Wrong Sphere vulnerability in multiple products In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. | 7.8 |
2021-05-27 | CVE-2021-33200 | Out-of-bounds Write vulnerability in multiple products kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. | 7.8 |
2021-05-27 | CVE-2021-28651 | Memory Leak vulnerability in multiple products An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. | 7.5 |