|
195031
|
5.3 |
MEDIUM
Network
|
jetbrains
|
hub
|
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.
|
NVD-CWE-noinfo
|
CVE-2021-25760
|
2024-11-21 14:55 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195032
|
6.5 |
MEDIUM
Network
|
jetbrains
|
hub
|
In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user.
|
NVD-CWE-noinfo
|
CVE-2021-25759
|
2024-11-21 14:55 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195033
|
7.8 |
HIGH
Local
|
jetbrains
|
intellij_idea
|
In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-25758
|
2024-11-21 14:55 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195034
|
6.1 |
MEDIUM
Network
|
jetbrains
|
hub
|
In JetBrains Hub before 2020.1.12629, an open redirect was possible.
|
CWE-601
Open Redirect
|
CVE-2021-25757
|
2024-11-21 14:55 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195035
|
5.3 |
MEDIUM
Network
|
jetbrains
|
intellij_idea
|
In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS.
|
NVD-CWE-noinfo
|
CVE-2021-25756
|
2024-11-21 14:55 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195036
|
2.5 |
LOW
Local
|
jetbrains
|
code_with_me
|
In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic.
|
NVD-CWE-Other
|
CVE-2021-25755
|
2024-11-21 14:55 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195037
|
9.8 |
CRITICAL
Network
|
dotty_project
|
dotty
|
Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-25912
|
2024-11-21 14:55 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195038
|
8.8 |
HIGH
Network
|
apache
|
druid
|
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by…
|
NVD-CWE-noinfo
|
CVE-2021-25646
|
2024-11-21 14:55 |
2021-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195039
|
6.5 |
MEDIUM
Adjacent
|
zivautomation
|
4cct-ea6-334126bf_firmware
|
Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an a…
|
CWE-287
Improper Authentication
|
CVE-2021-25910
|
2024-11-21 14:55 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195040
|
7.5 |
HIGH
Network
|
zivautomation
|
4cct-ea6-334126bf_firmware
|
ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vul…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2021-25909
|
2024-11-21 14:55 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
