Windows Projected File System FS Filter Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows Desktop Bridge Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Microsoft Office Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Windows CSC Service Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
A flaw was found in the hivex library in versions before 1.3.20. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Special characters of IGT search function in igt+ are not filtered in specific fields, which allow remote authenticated attackers can inject malicious JavaScript and carry out DOM-based XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
RiyaLab CloudISO event item is added, special characters in specific field of time management page are not properly filtered, which allow remote authenticated attackers can inject malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.
Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft SharePoint Information Disclosure Vulnerability. Rated medium severity (CVSS 4.1).
Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.