| 195471 | 4.3 | MEDIUM Network | jenkins | s3_publisher | Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles. | - | CVE-2021-21651 | 2024-11-21 14:48 | 2021-05-12 |
| 195472 | 4.3 | MEDIUM Network | jenkins | s3_publisher | Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain inform… | - | CVE-2021-21650 | 2024-11-21 14:48 | 2021-05-12 |
| 195473 | 5.4 | MEDIUM Network | jenkins | dashboard_view | Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wit… | CWE-79 Cross-site Scripting | CVE-2021-21649 | 2024-11-21 14:48 | 2021-05-12 |
| 195474 | 6.1 | MEDIUM Network | jenkins | credentials | Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability. | CWE-79 Cross-site Scripting | CVE-2021-21648 | 2024-11-21 14:48 | 2021-05-12 |
| 195475 | 5.5 | MEDIUM Local | openapi-generator | openapi_generator | OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK wil… | CWE-668 Exposure of Resource to Wrong Sphere | CVE-2021-21430 | 2024-11-21 14:48 | 2021-05-11 |
| 195476 | 7.0 | HIGH Local | openapi-generator | openapi_generator | Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator… | CWE-668 Exposure of Resource to Wrong Sphere | CVE-2021-21428 | 2024-11-21 14:48 | 2021-05-11 |
| 195477 | 5.3 | MEDIUM Network | eventlet fedoraproject | eventlet fedora | Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side… | - | CVE-2021-21419 | 2024-11-21 14:48 | 2021-05-8 |
| 195478 | 6.7 | MEDIUM Local | dell | emc_powerscale_onefs | Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGI… | CWE-78 OS Command | CVE-2021-21550 | 2024-11-21 14:48 | 2021-05-6 |
| 195479 | 6.7 | MEDIUM Local | dell | emc_powerscale_onefs | Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SS… | CWE-78 OS Command | CVE-2021-21527 | 2024-11-21 14:48 | 2021-05-6 |
| 195480 | 9.8 | CRITICAL Network | dell | emc_integrated_system_for_microsoft_azure_stack_hub_firmware | Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default cre… | CWE-1188 Insecure Default Initialization of Resource | CVE-2021-21505 | 2024-11-21 14:48 | 2021-05-6 |