CVE-2021-26999
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version.
Source: CVE-2021-26999
CVE-2021-26606
A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system.
Source: CVE-2021-26606
CVE-2021-26998
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version.
Source: CVE-2021-26998
CVE-2021-37547
In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.
Source: CVE-2021-37547
CVE-2021-37549
In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.
Source: CVE-2021-37549
CVE-2021-37550
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.
Source: CVE-2021-37550
CVE-2021-37551
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.
Source: CVE-2021-37551
CVE-2021-37552
In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.
Source: CVE-2021-37552
CVE-2021-37543
In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects.
Source: CVE-2021-37543