| 2022-05-03 | CVE-2022-29824 | Integer Overflow or Wraparound vulnerability in multiple products
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. | 6.5 |
| 2022-04-27 | CVE-2022-24891 | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. | 6.1 |
| 2022-04-27 | CVE-2022-24736 | NULL Pointer Dereference vulnerability in multiple products
Redis is an in-memory database that persists on disk. | 5.5 |
| 2022-04-22 | CVE-2021-20464 | XML Entity Expansion vulnerability in multiple products
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. | 6.5 |
| 2022-04-22 | CVE-2021-29824 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access. | 4.3 |
| 2022-04-22 | CVE-2021-38903 | Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. | 5.4 |
| 2022-04-22 | CVE-2021-38904 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. | 6.5 |
| 2022-04-22 | CVE-2021-38905 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. | 4.3 |
| 2022-04-22 | CVE-2021-38946 | Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. | 5.4 |
| 2022-04-19 | CVE-2022-21412 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |