High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-01	CVE-2019-4723	Insufficiently Protected Credentials vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. network low complexity ibm netapp CWE-522	7.5
2021-06-01	CVE-2019-4724	Insufficiently Protected Credentials vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. network low complexity ibm netapp CWE-522	7.5
2021-06-01	CVE-2019-4730	XXE vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. network low complexity ibm netapp CWE-611	7.1
2021-06-01	CVE-2020-4300	XXE vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. network low complexity ibm netapp CWE-611	8.2
2021-06-01	CVE-2020-4520	Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. network low complexity ibm netapp CWE-79	8.8
2021-06-01	CVE-2021-3516	Use After Free vulnerability in multiple products There's a flaw in libxml2's xmllint in versions before 2.9.11. local low complexity xmlsoft debian fedoraproject redhat netapp oracle CWE-416	7.8
2021-06-01	CVE-2021-23017	Off-by-one Error vulnerability in multiple products A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. network high complexity f5 openresty fedoraproject netapp oracle CWE-193	7.7
2021-05-28	CVE-2021-29505	Deserialization of Untrusted Data vulnerability in multiple products XStream is software for serializing Java objects to XML and back again. network low complexity xstream-project debian fedoraproject netapp oracle CWE-502	8.8
2021-05-28	CVE-2021-33587	The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. network low complexity css-what-project netapp	7.5
2021-05-28	CVE-2021-33623	Resource Exhaustion vulnerability in multiple products The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. network low complexity trim-newlines-project netapp debian CWE-400	7.5