Total
35180 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-43195 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.3 Medium |
| In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing. | ||||
| CVE-2021-43194 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.3 Medium |
| In JetBrains TeamCity before 2021.1.2, user enumeration was possible. | ||||
| CVE-2021-43193 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 9.8 Critical |
| In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible. | ||||
| CVE-2021-43192 | 2 Apple, Jetbrains | 2 Iphone Os, Youtrack Mobile | 2024-11-21 | 5.3 Medium |
| In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible. | ||||
| CVE-2021-43191 | 3 Apple, Google, Jetbrains | 3 Iphone Os, Android, Youtrack Mobile | 2024-11-21 | 5.3 Medium |
| JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS. | ||||
| CVE-2021-43190 | 2 Google, Jetbrains | 2 Android, Youtrack Mobile | 2024-11-21 | 5.3 Medium |
| In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible. | ||||
| CVE-2021-43189 | 2 Google, Jetbrains | 2 Android, Youtrack Mobile | 2024-11-21 | 7.3 High |
| In JetBrains YouTrack Mobile before 2021.2, access token protection on Android is incomplete. | ||||
| CVE-2021-43188 | 2 Apple, Jetbrains | 2 Iphone Os, Youtrack Mobile | 2024-11-21 | 7.3 High |
| In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete. | ||||
| CVE-2021-43187 | 2 Apple, Jetbrains | 2 Iphone Os, Youtrack Mobile | 2024-11-21 | 5.3 Medium |
| In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information. | ||||
| CVE-2021-43183 | 1 Jetbrains | 1 Hub | 2024-11-21 | 9.8 Critical |
| In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. | ||||
| CVE-2021-43182 | 1 Jetbrains | 1 Hub | 2024-11-21 | 7.5 High |
| In JetBrains Hub before 2021.1.13415, a DoS via user information is possible. | ||||
| CVE-2021-43180 | 1 Jetbrains | 1 Hub | 2024-11-21 | 7.5 High |
| In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. | ||||
| CVE-2021-43177 | 1 Tinfoilsecurity | 1 Devise-two-factor | 2024-11-21 | 5.3 Medium |
| As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interval. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) | ||||
| CVE-2021-43145 | 1 Zammad | 1 Zammad | 2024-11-21 | 8.1 High |
| With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts. | ||||
| CVE-2021-43110 | 1 Puneethreddyhc Online-shopping-system Project | 1 Puneethreddyhc Online-shopping-system | 2024-11-21 | 9.8 Critical |
| An Access Conrol vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 in add_products. | ||||
| CVE-2021-43105 | 1 Technitium | 1 Dns Server | 2024-11-21 | 4.3 Medium |
| A vulnerability in the bailiwick checking function in Technitium DNS Server <= v7.0 exists that allows specific malicious users to inject `NS` records of any domain (even TLDs) into the cache and conduct a DNS cache poisoning attack. | ||||
| CVE-2021-43056 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. | ||||
| CVE-2021-43055 | 1 Tibco | 1 Eftl | 2024-11-21 | 5.9 Medium |
| The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below. | ||||
| CVE-2021-43054 | 1 Tibco | 1 Eftl | 2024-11-21 | 7.1 High |
| The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below. | ||||
| CVE-2021-43053 | 1 Tibco | 1 Ftl | 2024-11-21 | 8.5 High |
| The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below. | ||||