CVE List - 2021 / May
Showing 401 - 500 of 1494 CVEs for May 2021 (Page 5 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-31900 | 2021-05-11 | In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host. |
| CVE-2021-30006 | 2021-05-11 | In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure. |
| CVE-2021-29263 | 2021-05-11 | In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible because of insufficient checks when getting the project from VCS. |
| CVE-2021-30504 | 2021-05-11 | In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation. |
| CVE-2021-31901 | 2021-05-11 | In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group. |
| CVE-2021-27733 | 2021-05-11 | In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment. |
| CVE-2021-31903 | 2021-05-11 | In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS. |
| CVE-2021-31902 | 2021-05-11 | In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly. |
| CVE-2021-31905 | 2021-05-11 | In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible. |
| CVE-2021-30005 | 2021-05-11 | In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS. |
| CVE-2021-31904 | 2021-05-11 | In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page. |
| CVE-2021-26310 | 2021-05-11 | In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible. |
| CVE-2021-26309 | 2021-05-11 | Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions. |
| CVE-2021-31906 | 2021-05-11 | In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file. |
| CVE-2021-31907 | 2021-05-11 | In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly. |
| CVE-2021-3315 | 2021-05-11 | In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible. |
| CVE-2021-31909 | 2021-05-11 | In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. |
| CVE-2021-31908 | 2021-05-11 | In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages. |
| CVE-2021-31910 | 2021-05-11 | In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible. |
| CVE-2021-31911 | 2021-05-11 | In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages. |
| CVE-2021-31912 | 2021-05-11 | In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset. |
| CVE-2021-31913 | 2021-05-11 | In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. |
| CVE-2021-31914 | 2021-05-11 | In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible. |
| CVE-2021-31915 | 2021-05-11 | In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. |
| CVE-2021-30482 | 2021-05-11 | In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly |
| CVE-2021-31898 | 2021-05-11 | In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS. |
| CVE-2021-31897 | 2021-05-11 | In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects. |
| CVE-2020-35438 | 2021-05-11 | Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin before 4.1.5. |
| CVE-2021-21990 | 2021-05-11 | VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to... |
| CVE-2021-32560 | 2021-05-11 | The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files. |
| CVE-2021-32561 | 2021-05-11 | OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters. |
| CVE-2021-31537 | 2021-05-11 | SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters). |
| CVE-2021-21648 | 2021-05-11 | Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2021-21649 | 2021-05-11 | Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. |
| CVE-2021-21650 | 2021-05-11 | Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts... |
| CVE-2021-21651 | 2021-05-11 | Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles. |
| CVE-2021-21652 | 2021-05-11 | A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs... |
| CVE-2021-21653 | 2021-05-11 | Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of... |
| CVE-2021-21654 | 2021-05-11 | Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username... |
| CVE-2021-21655 | 2021-05-11 | A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. |
| CVE-2021-21656 | 2021-05-11 | Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2021-27611 | 2021-05-11 | SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access... |
| CVE-2021-27612 | 2021-05-11 | In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing... |
| CVE-2021-27613 | 2021-05-11 | Under certain conditions, SAP Business One Chef cookbook, version - 9.2, 9.3, 10.0, used to install SAP Business One, allows an attacker to exploit an insecure temporary folder for incoming... |
| CVE-2021-27614 | 2021-05-11 | SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that... |
| CVE-2021-27616 | 2021-05-11 | Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to... |
| CVE-2021-27617 | 2021-05-11 | The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker... |
| CVE-2021-27618 | 2021-05-11 | The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local... |
| CVE-2021-27619 | 2021-05-11 | SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although... |
| CVE-2020-20267 | 2021-05-11 | Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory... |
| CVE-2020-20265 | 2021-05-11 | Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted... |
| CVE-2021-29471 | 2021-05-11 | Denial of service in Matrix Synapse |
| CVE-2020-4535 | 2021-05-11 | IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2020-4536 | 2021-05-11 | IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used... |
| CVE-2021-29508 | 2021-05-11 | Insecure deserialization in Wire |
| CVE-2021-32573 | 2021-05-11 | The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on... |
| CVE-2021-29509 | 2021-05-11 | Keepalive Connections Causing Denial Of Service in puma |
| CVE-2020-18964 | 2021-05-11 | Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges. |
| CVE-2021-26418 | 2021-05-11 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2021-26419 | 2021-05-11 | Scripting Engine Memory Corruption Vulnerability |
| CVE-2021-26421 | 2021-05-11 | Skype for Business and Lync Spoofing Vulnerability |
| CVE-2021-26422 | 2021-05-11 | Skype for Business and Lync Remote Code Execution Vulnerability |
| CVE-2021-27068 | 2021-05-11 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2021-28455 | 2021-05-11 | Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability |
| CVE-2021-28461 | 2021-05-11 | Dynamics Finance and Operations Cross-site Scripting Vulnerability |
| CVE-2021-28465 | 2021-05-11 | Web Media Extensions Remote Code Execution Vulnerability |
| CVE-2021-28474 | 2021-05-11 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2021-28476 | 2021-05-11 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2021-28478 | 2021-05-11 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2021-28479 | 2021-05-11 | Windows CSC Service Information Disclosure Vulnerability |
| CVE-2021-31165 | 2021-05-11 | Windows Container Manager Service Elevation of Privilege Vulnerability |
| CVE-2021-31166 | 2021-05-11 | HTTP Protocol Stack Remote Code Execution Vulnerability |
| CVE-2021-31167 | 2021-05-11 | Windows Container Manager Service Elevation of Privilege Vulnerability |
| CVE-2021-31168 | 2021-05-11 | Windows Container Manager Service Elevation of Privilege Vulnerability |
| CVE-2021-31169 | 2021-05-11 | Windows Container Manager Service Elevation of Privilege Vulnerability |
| CVE-2021-31170 | 2021-05-11 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2021-31171 | 2021-05-11 | Microsoft SharePoint Information Disclosure Vulnerability |
| CVE-2021-31172 | 2021-05-11 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2021-31173 | 2021-05-11 | Microsoft SharePoint Server Information Disclosure Vulnerability |
| CVE-2021-31174 | 2021-05-11 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2021-31175 | 2021-05-11 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2021-31176 | 2021-05-11 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2021-31177 | 2021-05-11 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2021-31178 | 2021-05-11 | Microsoft Office Information Disclosure Vulnerability |
| CVE-2021-31179 | 2021-05-11 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2021-31180 | 2021-05-11 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2021-31182 | 2021-05-11 | Microsoft Bluetooth Driver Spoofing Vulnerability |
| CVE-2021-31181 | 2021-05-11 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2021-31184 | 2021-05-11 | Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability |
| CVE-2021-31185 | 2021-05-11 | Windows Desktop Bridge Denial of Service Vulnerability |
| CVE-2021-31186 | 2021-05-11 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
| CVE-2021-31187 | 2021-05-11 | Windows WalletService Elevation of Privilege Vulnerability |
| CVE-2021-31188 | 2021-05-11 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2021-31190 | 2021-05-11 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability |
| CVE-2021-31191 | 2021-05-11 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability |
| CVE-2021-31192 | 2021-05-11 | Windows Media Foundation Core Remote Code Execution Vulnerability |
| CVE-2021-31193 | 2021-05-11 | Windows SSDP Service Elevation of Privilege Vulnerability |
| CVE-2021-31194 | 2021-05-11 | OLE Automation Remote Code Execution Vulnerability |
| CVE-2021-31195 | 2021-05-11 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-31200 | 2021-05-11 | Common Utilities Remote Code Execution Vulnerability |