|
197171
|
4.3 |
MEDIUM
Network
|
otrs
|
cis_in_customer_frontend
|
Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions.
|
CWE-276
Incorrect Default Permissions
|
CVE-2021-21436
|
2024-11-21 14:48 |
2021-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197172
|
6.5 |
MEDIUM
Network
|
otrs
|
otrs
|
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0…
|
CWE-200
Information Exposure
|
CVE-2021-21435
|
2024-11-21 14:48 |
2021-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197173
|
4.8 |
MEDIUM
Network
|
otrs
|
survey
|
Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. another agent who wants to make changes in the survey). This issue affects: OTRS A…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21434
|
2024-11-21 14:48 |
2021-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197174
|
5.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2021-21615
|
2024-11-21 14:48 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197175
|
7.5 |
HIGH
Network
|
zte
|
zxr10_9904_firmware
zxr10_9908_firmware
zxr10_9916_firmware
zxr10_9904-s_firmware
zxr10_9908-s_firmware
|
Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operat…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2021-21723
|
2024-11-21 14:48 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197176
|
4.4 |
MEDIUM
Local
|
zte
|
zxv10_b860a_firmware
|
A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further i…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2021-21722
|
2024-11-21 14:48 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197177
|
5.5 |
MEDIUM
Local
|
jenkins
|
bumblebee_hp_alm
|
Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkin…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2021-21614
|
2024-11-21 14:48 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197178
|
6.1 |
MEDIUM
Network
|
jenkins
|
tics
|
Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service respon…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21613
|
2024-11-21 14:48 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197179
|
5.5 |
MEDIUM
Local
|
jenkins
|
tracetronic_ecu-test
|
Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the J…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2021-21612
|
2024-11-21 14:48 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197180
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability explo…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21611
|
2024-11-21 14:48 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
