| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. |
| In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible. |
| In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. |
| In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. |
| In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. |
| Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process. |
| Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. |
| Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. |
| Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. |
| Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. |
| Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. |
| An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files. |
| The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient(). |
| phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service. |
| Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later. |
| The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store. |
| The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool. |
| A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs. |
| Exposure of Sensitive Information vulnerability in Bixby Vision prior to version 3.7.50.6 allows attackers to access internal data of Bixby Vision via unprotected intent. |
| Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel. |