|
203541
|
6.5 |
MEDIUM
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpec is provided in XML format, the spec is…
|
-
|
CVE-2021-21250
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203542
|
8.8 |
HIGH
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is an issue involving YAML parsing which can lead to post-auth remote code execution. In order to parse and process YAML…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-21249
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203543
|
8.8 |
HIGH
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build s…
|
CWE-94
Code Injection
|
CVE-2021-21248
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203544
|
8.8 |
HIGH
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener (`AbstractPostAjaxBehavior`) in all pages other than the login pag…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-21247
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203545
|
7.5 |
HIGH
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However …
|
-
|
CVE-2021-21246
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203546
|
7.5 |
HIGH
Network
|
jqueryvalidation
netapp
|
jquery_validation
snapcenter
|
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more r…
|
-
|
CVE-2021-21252
|
2024-11-21 14:47 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203547
|
9.8 |
CRITICAL
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.ge…
|
-
|
CVE-2021-21245
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203548
|
7.8 |
HIGH
Local
|
git_large_file_storage_project
|
git_large_file_storage
|
Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program …
|
-
|
CVE-2021-21237
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203549
|
8.8 |
HIGH
Local
|
flatpak
debian
|
flatpak
debian_linux
|
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to exec…
|
-
|
CVE-2021-21261
|
2024-11-21 14:47 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203550
|
7.4 |
HIGH
Network
|
flask-security-too_project
|
flask-security-too
|
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of …
|
-
|
CVE-2021-21241
|
2024-11-21 14:47 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
