| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. |
| The R programming languageās default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD install cli command or the install.packages() function from the interpreter. Update to version 4.0.3 |
| In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random. |
| In PicoTCP 1.7.0, TCP ISNs are improperly random. |
| In Contiki 4.5, TCP ISNs are improperly random. |
| In FNET 4.6.3, TCP ISNs are improperly random. |
| In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions. |
| In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random. |
| In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. |
| In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts. |
| In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. |
| JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. |
| JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. |
| In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. |
| JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. |
| JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances. |
| In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version. |
| The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inability to properly audit and attribute various user actions performed via the FileImporter extension. |
| The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups. |
| In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. |
