Skip to main content
CVE-2021-25274 CRITICAL POC THREAT Act Now

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Microsoft RCE Orion Platform
NVD
CVSS 3.1
9.8
EPSS
36.4%
CVE-2021-25275 HIGH POC This Week

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Orion Platform
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-25276 HIGH POC This Week

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Serv U
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2021-25770 CRITICAL Act Now

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Youtrack
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2021-25765 HIGH This Week

In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Youtrack
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-25758 HIGH This Week

In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE Intellij Idea
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-25776 HIGH This Week

In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-25769 HIGH This Week

In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-0365 MEDIUM This Month

In display driver, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-0364 MEDIUM This Month

In mobile_log_d, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Command Injection Android
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-0363 MEDIUM This Month

In mobile_log_d, there is a possible command injection due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Command Injection Android
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-0362 MEDIUM This Month

In aee, there is a possible memory corruption due to a stack buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-0361 MEDIUM This Month

In kisd, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Google Information Disclosure Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0360 MEDIUM This Month

In netdiag, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-0359 MEDIUM This Month

In netdiag, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-0358 MEDIUM This Month

In netdiag, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Command Injection Android
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-0357 MEDIUM This Month

In netdiag, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-0356 MEDIUM This Month

In netdiag, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Command Injection Android
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-0355 MEDIUM This Month

In kisd, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-0354 MEDIUM This Month

In ged, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-0353 MEDIUM This Month

In kisd, there is a possible memory corruption due to a heap buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-25759 MEDIUM This Month

In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-25755 LOW POC Monitor

In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic. Rated low severity (CVSS 2.5). Public exploit code available and no vendor patch available.

Information Disclosure Code With Me
NVD
CVSS 3.1
2.5
EPSS
0.4%
CVE-2021-26023 MEDIUM This Month

The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Favorites
NVD
CVSS 3.1
6.1
EPSS
25.2%
CVE-2021-25773 MEDIUM This Month

JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-25757 MEDIUM This Month

In JetBrains Hub before 2020.1.12629, an open redirect was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Hub
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-26024 MEDIUM This Month

The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Favorites
NVD
CVSS 3.1
5.3
EPSS
19.0%
CVE-2021-25778 MEDIUM This Month

In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25777 MEDIUM This Month

In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-25772 MEDIUM This Month

In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-25768 MEDIUM This Month

In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-25767 MEDIUM This Month

In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2021-25766 MEDIUM This Month

In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-25763 MEDIUM This Month

In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ktor
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-25762 MEDIUM This Month

In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Ktor
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25761 MEDIUM This Month

In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ktor
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-25760 MEDIUM This Month

In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-25756 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-0352 MEDIUM This Month

In RT regmap driver, there is a possible memory corruption due to type confusion. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Denial Of Service Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-25774 MEDIUM This Month

In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-25771 MEDIUM This Month

In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2021-25775 LOW Monitor

In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
3.8
EPSS
0.6%
CVE-2021-23331 LOW Monitor

This affects all versions of package com.squareup:connect. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Connect Java Software Development Kit
NVD GitHub
CVSS 3.1
3.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy