📦 OnCommand Insight
by NetApp
⚠️ Known Vulnerabilities
CVE-2021-38945 is a critical vulnerability in IBM Cognos Analytics that allows remote attackers to upload arbitrary files due to improper content validation. This affects IBM Cognos Analytics versions...
CVE-2021-44228 (Log4Shell) is a critical remote code execution vulnerability in Apache Log4j2 that allows attackers to execute arbitrary code by exploiting JNDI lookups in log messages. This affects a...
Node.js DNS library vulnerability allows remote code execution, XSS, and application crashes due to improper validation of DNS responses. Attackers can inject malicious hostnames leading to domain hij...
This vulnerability allows unauthenticated remote attackers to read and write files on IBM Cognos Analytics systems by exploiting the DQM API. It affects IBM Cognos Analytics 11.0 and 11.1 installation...
IBM Cognos Analytics versions 11.2.0-11.2.4 and 12.0.0-12.0.2 have improper input validation in application logging, allowing injection attacks. This could enable attackers to manipulate log data and ...
This Java security vulnerability allows attackers to bypass sandbox protections in client-side Java deployments. It affects Java SE, GraalVM for JDK, and GraalVM Enterprise Edition when running untrus...
This vulnerability in Oracle Java SE and GraalVM allows unauthenticated attackers with network access to modify critical data in Java deployments that run untrusted code, such as sandboxed Java Web St...
This vulnerability in Oracle MySQL Connector/J allows an unauthenticated attacker with network access to potentially compromise the connector through multiple protocols. Successful exploitation requir...
CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server resources. This affects any system using HTTP/2, incl...
This vulnerability in Oracle Java SE and GraalVM Enterprise Edition's JSSE component allows attackers to compromise confidentiality and integrity of data via TLS connections. It affects Java deploymen...
This vulnerability in curl versions before 7.83.1 could cause the wrong file to be deleted when using the --no-clobber option with --remove-on-error. It affects systems using curl with these specific ...
CVE-2022-1292 is a command injection vulnerability in the c_rehash script distributed with OpenSSL. It allows attackers to execute arbitrary commands with script privileges when the script processes u...
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Analytics versions 11.1.7 and 11.2.0. An attacker could trick authenticated users into performing unauthorized action...
This vulnerability in Oracle Java SE and GraalVM Enterprise Edition allows unauthenticated remote attackers to access sensitive data from Java applications. It affects Java deployments running sandbox...
This vulnerability in Oracle Java SE and GraalVM Enterprise Edition allows unauthenticated attackers with network access to modify critical data without authorization. It affects Java deployments runn...
CVE-2020-36518 is a denial-of-service vulnerability in Jackson Databind where processing deeply nested JSON objects causes a Java StackOverflowError, crashing the application. This affects any Java ap...
This CVE describes a prototype pollution vulnerability in Node.js's console.table() function when user-controlled input is passed to the 'properties' parameter alongside an object with '__proto__' as ...
This vulnerability in MySQL Server's optimizer component allows authenticated attackers with network access to cause denial of service (server crashes/hangs) and perform unauthorized data modification...
This vulnerability in MySQL Server's optimizer component allows authenticated attackers with network access to cause denial of service (server crashes/hangs) and modify some database data. It affects ...
This vulnerability allows users with DBADM authority in IBM Db2 to access other databases and read or modify files beyond their intended permissions. It affects IBM Db2 for Linux, UNIX and Windows (in...
This CSRF vulnerability in IBM Cognos Analytics allows attackers to trick authenticated users into performing unauthorized actions on the My Inbox page. It affects IBM Cognos Analytics 11.1.7 and 11.2...
IBM Cognos Analytics versions 11.1.7 and 11.2.0 have a weak default password policy that doesn't enforce strong passwords. This makes user accounts vulnerable to brute-force attacks and credential gue...
This vulnerability in MySQL Server's optimizer component allows authenticated attackers with network access to cause denial of service (server hangs or crashes) and perform unauthorized data modificat...
This vulnerability allows unauthenticated attackers to cause a denial of service (DoS) on MySQL Server running on Windows by crashing or hanging the service. It affects MySQL Server versions 8.0.25 an...
This vulnerability in Oracle Java SE 8u301 allows an unauthenticated attacker to potentially compromise Java deployments via network protocols when a user interacts with malicious content. It primaril...
CVE-2021-37136 is a denial-of-service vulnerability in Netty's Bzip2Decoder that allows attackers to trigger out-of-memory errors by sending specially crafted Bzip2 compressed data. The vulnerability ...
CVE-2021-29745 is a privilege escalation vulnerability in IBM Cognos Analytics where lower-level users can access the 'New Job' page, which should be restricted to higher-privileged users. This allows...
This vulnerability allows attackers to trick libcurl applications into using a malicious client certificate instead of the intended one when running in writable directories like /tmp. It affects appli...
CVE-2021-35515 is a denial-of-service vulnerability in Apache Commons Compress's 7Z archive handling. When processing a specially crafted 7Z file, the codec list construction can enter an infinite loo...
CVE-2021-35517 is a denial-of-service vulnerability in Apache Commons Compress where specially crafted TAR archives can trigger excessive memory allocation, leading to out-of-memory errors. This affec...
CVE-2021-22901 is a use-after-free vulnerability in curl/libcurl that allows a malicious TLS 1.3 server to potentially execute arbitrary code on the client. This affects curl clients using OpenSSL wit...
CVE-2020-14326 is a denial-of-service vulnerability in RESTEasy's RootNode caching mechanism that allows attackers to cause hash flooding, resulting in slower request processing and increased CPU usag...
CVE-2020-10771 is a CSRF vulnerability in Infinispan 10 that allows attackers to perform unauthorized actions via GET requests. This affects systems running vulnerable Infinispan versions, potentially...
IBM Cognos Analytics 11.0 and 11.1 have a vulnerability where the New Data Server Connection page incorrectly enables autocomplete for credential fields. This allows a remote attacker to potentially e...
IBM Cognos Analytics 11.0 and 11.1 contain an XML External Entity (XXE) vulnerability that allows remote attackers to read arbitrary files from the server or cause denial of service through resource ...
CVE-2020-4300 is an XML External Entity (XXE) vulnerability in IBM Cognos Analytics that allows remote attackers to read arbitrary files from the server or cause denial of service through resource con...
This vulnerability allows remote attackers to inject malicious HTML code into IBM Cognos Analytics. When authenticated users view the compromised content, the attacker's code executes in their browser...
CVE-2021-29489 is a cross-site scripting (XSS) vulnerability in Highcharts JS versions 8 and earlier. It allows attackers to inject malicious scripts through untrusted chart options, potentially execu...
CVE-2021-21341 is a denial-of-service vulnerability in XStream library where specially crafted XML input can cause 100% CPU consumption on target systems. Only users who haven't implemented XStream's ...
This vulnerability allows an unauthenticated attacker to cause a denial of service by triggering a hang during SSL handshake responses in IBM DB2. Affected systems include IBM DB2 for Linux, UNIX and ...
This vulnerability in MySQL Server's Optimizer component allows high-privileged attackers with network access to cause denial of service by crashing or hanging the server. Affected versions include My...
This vulnerability in Oracle Java SE's 2D component allows unauthenticated attackers with network access to potentially modify or read some accessible data. It affects multiple Java versions and Graal...