| CVE | Vendors | Products | Updated | CVSS v3.1 |
| MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). |
| MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read). |
| MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). |
| MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). |
| A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and service_description parameters. The vulnerability can be exploited only when a valid Knowledge Base URL is configured on the Knowledge Base configuration page and points to a MediaWiki instance. This relates to the proxy feature in class/centreon-knowledge/ProceduresProxy.class.php and include/configuration/configKnowledge/proxy/proxy.php. |
| A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter. |
| A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters. |
| TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc). |
| In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions. |
| In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. |
| In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. |
| In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. |
| In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. |
| In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient. |
| In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. |
| In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. |
| In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. |
| In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. |
| In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. |
| In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects. |