|
200421
|
6.5 |
MEDIUM
Network
|
go-vela
|
vela
|
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets…
|
CWE-862
Missing Authorization
|
CVE-2021-21432
|
2024-11-21 14:48 |
2021-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200422
|
8.1 |
HIGH
Network
|
mirahezebots
|
channelmgnt
|
sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when …
|
NVD-CWE-Other
|
CVE-2021-21431
|
2024-11-21 14:48 |
2021-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200423
|
9.8 |
CRITICAL
Network
|
getgrav
|
grav-plugin-admin
|
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of admi…
|
NVD-CWE-Other
|
CVE-2021-21425
|
2024-11-21 14:48 |
2021-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200424
|
4.3 |
MEDIUM
Network
|
jenkins
|
promoted_builds
|
A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds.
|
CWE-352
Origin Validation Error
|
CVE-2021-21641
|
2024-11-21 14:48 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200425
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid o…
|
-
|
CVE-2021-21640
|
2024-11-21 14:48 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200426
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers wi…
|
-
|
CVE-2021-21639
|
2024-11-21 14:48 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200427
|
7.5 |
HIGH
Network
|
syncthing
|
syncthing
|
Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative le…
|
-
|
CVE-2021-21404
|
2024-11-21 14:48 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200428
|
8.1 |
HIGH
Network
|
projen_project
|
projen
|
`projen` is a project generation tool that synthesizes project configuration files such as `package.json`, `tsconfig.json`, `.gitignore`, GitHub Workflows, `eslint`, `jest`, and more, from a well-typ…
|
-
|
CVE-2021-21423
|
2024-11-21 14:48 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200429
|
4.3 |
MEDIUM
Network
|
dell
|
wyse_management_suite
|
Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users tha…
|
CWE-20
Improper Input Validation
|
CVE-2021-21533
|
2024-11-21 14:48 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200430
|
6.3 |
MEDIUM
Adjacent
|
dell
|
wyse_thinos
|
Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management …
|
CWE-20
Improper Input Validation
|
CVE-2021-21532
|
2024-11-21 14:48 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
