| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. |
| In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. |
| In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible. |
| In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. |
| In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset. |
| In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages. |
| In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible. |
| In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. |
| In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages. |
| In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly. |
| In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file. |
| In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible. |
| In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page. |
| In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS. |
| In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly. |
| In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group. |
| In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host. |
| In JetBrains Code With Me bundled to the compatible IDEs before version 2021.1, the client could execute code in read-only mode. |
| In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS. |
