Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
NetappOncommand Insight

16 matches found

CVE
CVEadded 2021/06/02 3:15 p.m.319 views

CVE-2021-3522

GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.

5.5CVSS5.5AI score0.00106EPSS
CVE
CVEadded 2021/06/11 4:15 p.m.220 views

CVE-2021-22901

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. Wh...

8.1CVSS8.2AI score0.00272EPSS
CVE
CVEadded 2021/06/10 12:15 p.m.123 views

CVE-2021-20293

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The high...

6.1CVSS5.6AI score0.002EPSS
CVE
CVEadded 2021/06/02 12:15 p.m.101 views

CVE-2020-14326

A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.

7.5CVSS7.1AI score0.00499EPSS
CVE
CVEadded 2021/06/02 12:15 p.m.57 views

CVE-2020-10771

A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.

7.1CVSS6.8AI score0.00085EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.52 views

CVE-2020-4354

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506.

5.4CVSS5.6AI score0.00184EPSS
CVE
CVEadded 2021/06/30 2:15 p.m.47 views

CVE-2021-20461

IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770.

6.5CVSS6.8AI score0.00193EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.43 views

CVE-2019-4653

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170964.

5.4CVSS5.7AI score0.003EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.43 views

CVE-2019-4730

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533.

7.1CVSS7.5AI score0.0059EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.41 views

CVE-2020-4561

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903.

10CVSS8.8AI score0.00874EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.39 views

CVE-2020-4300

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607.

8.2CVSS8.6AI score0.00185EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.39 views

CVE-2020-4520

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395.

8.8CVSS8.6AI score0.0103EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.37 views

CVE-2019-4471

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780.

6.5CVSS6.7AI score0.00116EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.37 views

CVE-2019-4722

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.

4.3CVSS5.1AI score0.00162EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.36 views

CVE-2019-4724

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.

7.5CVSS7.6AI score0.00355EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.34 views

CVE-2019-4723

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.

7.5CVSS6.6AI score0.00355EPSS