High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-01	CVE-2020-4300	XXE vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. network low complexity ibm netapp CWE-611	8.2
2021-06-01	CVE-2020-4520	Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. network low complexity ibm netapp CWE-79	8.8
2021-06-01	CVE-2021-3516	Use After Free vulnerability in multiple products There's a flaw in libxml2's xmllint in versions before 2.9.11. local low complexity xmlsoft debian fedoraproject redhat netapp oracle CWE-416	7.8
2021-06-01	CVE-2021-23017	A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. network high complexity f5 openresty fedoraproject netapp oracle	7.7
2021-05-28	CVE-2021-29505	XStream is software for serializing Java objects to XML and back again. network low complexity xstream-project debian fedoraproject netapp oracle	8.8
2021-05-28	CVE-2021-33587	The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. network low complexity css-what-project netapp	7.5
2021-05-28	CVE-2021-33623	Resource Exhaustion vulnerability in multiple products The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. network low complexity trim-newlines-project netapp debian CWE-400	7.5
2021-05-27	CVE-2021-22118	Exposure of Resource to Wrong Sphere vulnerability in multiple products In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. local low complexity vmware oracle netapp CWE-668	7.8
2021-05-27	CVE-2021-33200	Out-of-bounds Write vulnerability in multiple products kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. local low complexity linux fedoraproject netapp CWE-787	7.8
2021-05-27	CVE-2021-28651	Memory Leak vulnerability in multiple products An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. network low complexity squid-cache debian fedoraproject netapp CWE-401	7.5