| CVE | Vendors | Products | Updated | CVSS v3.1 |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root. |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root. |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface. |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner. |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key (but not the root password) can remotely reboot the device. |
| JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. |
| JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. |
| In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. |
| In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. |
| In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. |
| In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. |
| In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges. |
| In JetBrains Kotlin from 1.4-M1 to 1.4-RC (Kotlin 1.3.7x is not affected by the issue; the fixed version is 1.4.0), there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts being stored in the system temp directory, which is shared by all users by default. |
| JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. |
| In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. |
| In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. |
| In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. |
| JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. |
| In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. |
| In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. |