Search Results (363005 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-37554 1 Jetbrains 1 Youtrack 2024-11-21 4.3 Medium
In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.
CVE-2021-37553 1 Jetbrains 1 Youtrack 2024-11-21 7.5 High
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
CVE-2021-37552 1 Jetbrains 1 Youtrack 2024-11-21 5.4 Medium
In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.
CVE-2021-37551 1 Jetbrains 1 Youtrack 2024-11-21 5.3 Medium
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.
CVE-2021-37550 1 Jetbrains 1 Youtrack 2024-11-21 7.5 High
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.
CVE-2021-37549 1 Jetbrains 1 Youtrack 2024-11-21 9.1 Critical
In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.
CVE-2021-37548 1 Jetbrains 1 Teamcity 2024-11-21 7.5 High
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.
CVE-2021-37547 1 Jetbrains 1 Teamcity 2024-11-21 5.3 Medium
In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.
CVE-2021-37546 1 Jetbrains 1 Teamcity 2024-11-21 5.3 Medium
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.
CVE-2021-37545 1 Jetbrains 1 Teamcity 2024-11-21 7.5 High
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.
CVE-2021-37544 1 Jetbrains 1 Teamcity 2024-11-21 9.8 Critical
In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.
CVE-2021-37543 1 Jetbrains 1 Rubymine 2024-11-21 8.8 High
In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects.
CVE-2021-37542 1 Jetbrains 1 Teamcity 2024-11-21 6.1 Medium
In JetBrains TeamCity before 2020.2.3, XSS was possible.
CVE-2021-37541 1 Jetbrains 1 Hub 2024-11-21 6.1 Medium
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.
CVE-2021-37540 1 Jetbrains 1 Hub 2024-11-21 6.5 Medium
In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.
CVE-2021-37539 1 Zohocorp 1 Manageengine Admanager Plus 2024-11-21 9.8 Critical
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.
CVE-2021-37538 1 Smartdatasoft 1 Smartblog 2024-11-21 9.8 Critical
Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.
CVE-2021-37535 1 Sap 1 Netweaver Application Server Java 2024-11-21 9.8 Critical
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.
CVE-2021-37534 1 Misp 1 Misp 2024-11-21 5.4 Medium
app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.
CVE-2021-37532 1 Sap 1 Business One 2024-11-21 4.3 Medium
SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User.