| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-1319 | Hig | 0.47 | 7.2 | 0.03 | Feb 4, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These… | ||
| CVE-2021-1318 | Hig | 0.47 | 7.2 | 0.03 | Feb 4, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities… | ||
| CVE-2021-1317 | Hig | 0.47 | 7.2 | 0.03 | Feb 4, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities… | ||
| CVE-2021-1316 | Hig | 0.47 | 7.2 | 0.03 | Feb 4, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities… | ||
| CVE-2021-1315 | Hig | 0.47 | 7.2 | 0.03 | Feb 4, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities… | ||
| CVE-2021-1314 | Hig | 0.47 | 7.2 | 0.03 | Feb 4, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities… | ||
| CVE-2021-1313 | Hig | 0.56 | 8.6 | 0.02 | Feb 4, 2021 | Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details… | ||
| CVE-2021-1297 | Hig | 0.49 | 7.5 | 0.04 | Feb 4, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be… | ||
| CVE-2021-1296 | Hig | 0.49 | 7.5 | 0.04 | Feb 4, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be… | ||
| CVE-2021-1288 | Hig | 0.56 | 8.6 | 0.02 | Feb 4, 2021 | Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details… | ||
| CVE-2021-1268 | Hig | 0.48 | 7.4 | 0.01 | Feb 4, 2021 | A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software… | ||
| CVE-2020-27872 | Hig | 0.57 | 8.8 | 0.01 | Feb 4, 2021 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on… | ||
| CVE-2020-28450 | — | Hig | 0.56 | 8.6 | 0.02 | Feb 4, 2021 | This affects all versions of package decal. The vulnerability is in the extend function. | |
| CVE-2020-28449 | — | Hig | 0.56 | 8.6 | 0.02 | Feb 4, 2021 | This affects all versions of package decal. The vulnerability is in the set function. | |
| CVE-2020-6088 | Hig | 0.49 | 7.5 | 0.03 | Feb 4, 2021 | An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An… | ||
| CVE-2020-27249 | Hig | 0.51 | 7.8 | 0.01 | Feb 4, 2021 | A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and… | ||
| CVE-2020-27248 | Hig | 0.51 | 7.8 | 0.01 | Feb 4, 2021 | A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and… | ||
| CVE-2020-27247 | Hig | 0.51 | 7.8 | 0.01 | Feb 4, 2021 | A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an… | ||
| CVE-2020-14246 | Hig | 0.49 | 7.5 | 0.01 | Feb 4, 2021 | HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials. | ||
| CVE-2020-13586 | Hig | 0.51 | 7.8 | 0.02 | Feb 4, 2021 | A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious… | ||
| CVE-2020-13580 | Hig | 0.57 | 7.8 | 0.73 | Feb 4, 2021 | An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record… | ||
| CVE-2020-13579 | Hig | 0.57 | 7.8 | 0.73 | Feb 4, 2021 | An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an… | ||
| CVE-2021-25276 | Hig | 0.46 | 7.1 | 0.00 | Feb 3, 2021 | In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by copying a… | ||
| CVE-2021-25275 | Hig | 0.51 | 7.8 | 0.01 | Feb 3, 2021 | SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can… | ||
| CVE-2020-25857 | Hig | 0.49 | 7.5 | 0.01 | Feb 3, 2021 | The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial… | ||
| CVE-2020-25856 | Hig | 0.53 | 8.1 | 0.02 | Feb 3, 2021 | The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code… | ||
| CVE-2020-25855 | Hig | 0.53 | 8.1 | 0.03 | Feb 3, 2021 | The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution… | ||
| CVE-2020-25854 | Hig | 0.53 | 8.1 | 0.03 | Feb 3, 2021 | The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer… | ||
| CVE-2020-25853 | Hig | 0.49 | 7.5 | 0.01 | Feb 3, 2021 | The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read… | ||
| CVE-2020-17516 | — | Hig | 0.49 | 7.5 | 0.02 | Feb 3, 2021 | Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the… | |
| CVE-2021-25776 | Hig | 0.49 | 7.5 | 0.01 | Feb 3, 2021 | In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. | ||
| CVE-2021-25769 | Hig | 0.49 | 7.5 | 0.02 | Feb 3, 2021 | In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments. | ||
| CVE-2021-25765 | Hig | 0.57 | 8.8 | 0.01 | Feb 3, 2021 | In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible. | ||
| CVE-2021-25758 | Hig | 0.51 | 7.8 | 0.01 | Feb 3, 2021 | In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution. | ||
| CVE-2020-35667 | Hig | 0.49 | 7.5 | 0.01 | Feb 3, 2021 | JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials. | ||
| CVE-2020-2506 | Hig | 0.60 | 7.3 | 0.02 | KEV | Feb 3, 2021 | The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP… | |
| CVE-2020-28895 | Hig | 0.48 | 7.3 | 0.01 | Feb 3, 2021 | In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption. | ||
| CVE-2020-27222 | Hig | 0.49 | 7.5 | 0.01 | Feb 3, 2021 | In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS… | ||
| CVE-2020-29166 | Hig | 0.49 | 7.5 | 0.02 | Feb 3, 2021 | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure. | ||
| CVE-2020-29163 | Hig | 0.57 | 8.8 | 0.01 | Feb 3, 2021 | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection. | ||
| CVE-2021-21294 | — | Hig | 0.42 | 7.5 | 0.02 | Feb 2, 2021 | Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections… | |
| CVE-2021-21293 | — | Hig | 0.42 | 7.5 | 0.02 | Feb 2, 2021 | blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections… | |
| CVE-2020-8672 | Hig | 0.51 | 7.8 | 0.00 | Feb 2, 2021 | Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of privilege or denial of service via local access. | ||
| CVE-2020-1910 | Hig | 0.51 | 7.8 | 0.05 | Feb 2, 2021 | A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image. | ||
| CVE-2020-14255 | Hig | 0.49 | 7.5 | 0.01 | Feb 2, 2021 | HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations. | ||
| CVE-2021-23271 | Hig | 0.52 | 8.0 | 0.01 | Feb 2, 2021 | The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO… | ||
| CVE-2021-21289 | — | Hig | 0.41 | 7.4 | 0.04 | Feb 2, 2021 | Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes'… | |
| CVE-2019-25018 | Hig | 0.49 | 7.5 | 0.02 | Feb 2, 2021 | In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client… | ||
| CVE-2021-25310 | Hig | 0.58 | 8.8 | 0.05 | Feb 2, 2021 | The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs… | ||
| CVE-2020-28495 | — | Hig | 0.41 | 7.3 | 0.04 | Feb 2, 2021 | This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the… |
- risk 0.47cvss 7.2epss 0.03
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These…
- risk 0.47cvss 7.2epss 0.03
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities…
- risk 0.47cvss 7.2epss 0.03
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities…
- risk 0.47cvss 7.2epss 0.03
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities…
- risk 0.47cvss 7.2epss 0.03
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities…
- risk 0.47cvss 7.2epss 0.03
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities…
- risk 0.56cvss 8.6epss 0.02
Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details…
- risk 0.49cvss 7.5epss 0.04
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be…
- risk 0.49cvss 7.5epss 0.04
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be…
- risk 0.56cvss 8.6epss 0.02
Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details…
- risk 0.48cvss 7.4epss 0.01
A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software…
- risk 0.57cvss 8.8epss 0.01
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on…
- risk 0.56cvss 8.6epss 0.02
This affects all versions of package decal. The vulnerability is in the extend function.
- risk 0.56cvss 8.6epss 0.02
This affects all versions of package decal. The vulnerability is in the set function.
- risk 0.49cvss 7.5epss 0.03
An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An…
- risk 0.51cvss 7.8epss 0.01
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and…
- risk 0.51cvss 7.8epss 0.01
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and…
- risk 0.51cvss 7.8epss 0.01
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an…
- risk 0.49cvss 7.5epss 0.01
HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials.
- risk 0.51cvss 7.8epss 0.02
A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious…
- risk 0.57cvss 7.8epss 0.73
An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record…
- risk 0.57cvss 7.8epss 0.73
An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an…
- risk 0.46cvss 7.1epss 0.00
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by copying a…
- risk 0.51cvss 7.8epss 0.01
SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can…
- risk 0.49cvss 7.5epss 0.01
The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial…
- risk 0.53cvss 8.1epss 0.02
The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code…
- risk 0.53cvss 8.1epss 0.03
The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution…
- risk 0.53cvss 8.1epss 0.03
The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer…
- risk 0.49cvss 7.5epss 0.01
The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read…
- risk 0.49cvss 7.5epss 0.02
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the…
- risk 0.49cvss 7.5epss 0.01
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
- risk 0.49cvss 7.5epss 0.02
In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.
- risk 0.57cvss 8.8epss 0.01
In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.
- risk 0.51cvss 7.8epss 0.01
In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution.
- risk 0.49cvss 7.5epss 0.01
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.
- risk 0.60cvss 7.3epss 0.02
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP…
- risk 0.48cvss 7.3epss 0.01
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
- risk 0.49cvss 7.5epss 0.01
In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS…
- risk 0.49cvss 7.5epss 0.02
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure.
- risk 0.57cvss 8.8epss 0.01
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.
- risk 0.42cvss 7.5epss 0.02
Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections…
- risk 0.42cvss 7.5epss 0.02
blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections…
- risk 0.51cvss 7.8epss 0.00
Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of privilege or denial of service via local access.
- risk 0.51cvss 7.8epss 0.05
A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image.
- risk 0.49cvss 7.5epss 0.01
HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.
- risk 0.52cvss 8.0epss 0.01
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO…
- risk 0.41cvss 7.4epss 0.04
Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes'…
- risk 0.49cvss 7.5epss 0.02
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client…
- risk 0.58cvss 8.8epss 0.05
The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs…
- risk 0.41cvss 7.3epss 0.04
This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the…