Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-01 | CVE-2020-17541 | Out-of-bounds Write vulnerability in Libjpeg-Turbo: All versions of Libjpeg-turbo have a stack-based buffer overflow in the "transform" component. | 8.8 |
2021-06-01 | CVE-2020-26668 | SQL Injection vulnerability in Bigtreecms Bigtree CMS: A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query into the application via the 'Create New Feed' function. | 8.8 |
2021-06-01 | CVE-2020-26670 | OS Command Injection vulnerability in Bigtreecms Bigtree CMS: A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function. | 8.8 |
2021-06-01 | CVE-2019-4723 | Insufficiently Protected Credentials vulnerability in multiple products: IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in the New Data Server Connection page. | 7.5 |
2021-06-01 | CVE-2019-4724 | Insufficiently Protected Credentials vulnerability in multiple products: IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in the New Content Backup page. | 7.5 |
2021-06-01 | CVE-2019-4730 | XXE vulnerability in multiple products: IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
2021-06-01 | CVE-2020-1920 | Incorrect Comparison vulnerability in Facebook React-Native: A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. | 7.5 |
2021-06-01 | CVE-2020-4300 | XXE vulnerability in multiple products: IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2021-06-01 | CVE-2020-4520 | Cross-site Scripting vulnerability in multiple products: IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that, when viewed by the authenticated victim, would execute the code. | 8.8 |
2021-06-01 | CVE-2021-20576 | Unspecified vulnerability in IBM Application Gateway and Security Verify Access: IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. | 7.5 |