| CVE | Vendors | Products | Updated | CVSS v3.1 |
| In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3. |
| JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. |
| In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. |
| In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session. |
| In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages. |
| In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS. |
| Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials. |
| Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional roles to their account. |
| Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3). |
| Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3). |
| Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3). |
| Cerner medico 26.00 allows variable reuse, possibly causing data corruption. |
| Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default. |
| In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. |
| CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges. |
| CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information. |
| CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data. |
| SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. |
| An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. |
| An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent. |