|
196571
|
8.8 |
HIGH
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build s…
|
CWE-94
Code Injection
|
CVE-2021-21248
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196572
|
8.8 |
HIGH
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener (`AbstractPostAjaxBehavior`) in all pages other than the login pag…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-21247
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196573
|
7.5 |
HIGH
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However …
|
-
|
CVE-2021-21246
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196574
|
7.5 |
HIGH
Network
|
jqueryvalidation
netapp
|
jquery_validation
snapcenter
|
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more r…
|
-
|
CVE-2021-21252
|
2024-11-21 14:47 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196575
|
9.8 |
CRITICAL
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.ge…
|
-
|
CVE-2021-21245
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196576
|
7.8 |
HIGH
Local
|
git_large_file_storage_project
|
git_large_file_storage
|
Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program …
|
-
|
CVE-2021-21237
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196577
|
8.8 |
HIGH
Local
|
flatpak
debian
|
flatpak
debian_linux
|
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to exec…
|
-
|
CVE-2021-21261
|
2024-11-21 14:47 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196578
|
7.4 |
HIGH
Network
|
flask-security-too_project
|
flask-security-too
|
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of …
|
-
|
CVE-2021-21241
|
2024-11-21 14:47 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196579
|
8.8 |
HIGH
Network
|
google
fedoraproject
debian
|
chrome
fedora
debian_linux
|
Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
CWE-787
Out-of-bounds Write
|
CVE-2021-21116
|
2024-11-21 14:47 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196580
|
9.6 |
CRITICAL
Network
|
google
fedoraproject
debian
|
chrome
fedora
debian_linux
|
User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML …
|
CWE-416
Use After Free
|
CVE-2021-21115
|
2024-11-21 14:47 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
