|
199671
|
9.8 |
CRITICAL
Network
|
jenkins
|
jenkins
|
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
|
CWE-22
Path Traversal
|
CVE-2021-21690
|
2024-11-21 14:48 |
2021-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199672
|
9.1 |
CRITICAL
Network
|
jenkins
|
jenkins
|
FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
|
NVD-CWE-Other
|
CVE-2021-21689
|
2024-11-21 14:48 |
2021-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199673
|
7.5 |
HIGH
Network
|
jenkins
|
jenkins
|
The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read acc…
|
CWE-862
Missing Authorization
|
CVE-2021-21688
|
2024-11-21 14:48 |
2021-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199674
|
9.1 |
CRITICAL
Network
|
jenkins
|
jenkins
|
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.
|
CWE-862
Missing Authorization
|
CVE-2021-21687
|
2024-11-21 14:48 |
2021-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199675
|
8.1 |
HIGH
Network
|
jenkins
|
jenkins
|
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outsid…
|
CWE-59
Link Following
|
CVE-2021-21686
|
2024-11-21 14:48 |
2021-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199676
|
9.1 |
CRITICAL
Network
|
jenkins
|
jenkins
|
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs.
|
CWE-862
Missing Authorization
|
CVE-2021-21685
|
2024-11-21 14:48 |
2021-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199677
|
5.4 |
MEDIUM
Network
|
galette
|
galette
|
Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscript…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21319
|
2024-11-21 14:48 |
2021-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199678
|
7.0 |
HIGH
Local
|
php
debian
fedoraproject
netapp
oracle
|
php
debian_linux
fedora
clustered_data_ontap
communications_diameter_signaling_router
|
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running …
|
CWE-787
Out-of-bounds Write
|
CVE-2021-21703
|
2024-11-21 14:48 |
2021-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199679
|
9.8 |
CRITICAL
Network
|
zte
|
mf971r_firmware
|
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.
|
CWE-787
Out-of-bounds Write
|
CVE-2021-21749
|
2024-11-21 14:48 |
2021-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199680
|
9.8 |
CRITICAL
Network
|
zte
|
mf971r_firmware
|
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.
|
CWE-787
Out-of-bounds Write
|
CVE-2021-21748
|
2024-11-21 14:48 |
2021-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
