| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters. |
| TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc). |
| In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions. |
| In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. |
| In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. |
| In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. |
| In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. |
| In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient. |
| In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. |
| In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. |
| In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. |
| In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. |
| In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. |
| In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects. |
| In JetBrains TeamCity before 2020.2.3, XSS was possible. |
| In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. |
| In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. |
| Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution. |
| Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller. |
| SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges. |
