|
200451
|
4.3 |
MEDIUM
Network
|
jenkins
|
cloud_statistics
|
Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view …
|
CWE-862
Missing Authorization
|
CVE-2021-21631
|
2024-11-21 14:48 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200452
|
5.4 |
MEDIUM
Network
|
jenkins
|
extra_columns
|
Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers …
|
CWE-79
Cross-site Scripting
|
CVE-2021-21630
|
2024-11-21 14:48 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200453
|
8.8 |
HIGH
Network
|
jenkins
|
build_with_parameters
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters.
|
CWE-352
Origin Validation Error
|
CVE-2021-21629
|
2024-11-21 14:48 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200454
|
5.4 |
MEDIUM
Network
|
jenkins
|
build_with_parameters
|
Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21628
|
2024-11-21 14:48 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200455
|
7.5 |
HIGH
Network
|
zte
|
zxhn_f623_firmware
|
A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets to the affected devices, which eventually leads to device denial of service.…
|
NVD-CWE-noinfo
|
CVE-2021-21727
|
2024-11-21 14:48 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200456
|
6.5 |
MEDIUM
Network
|
wire
|
wire_server
|
wire-server is an open-source back end for Wire, a secure collaboration platform. In wire-server from version 2021-02-16 and before version 2021-03-02, the client metadata of all users was exposed in…
|
-
|
CVE-2021-21396
|
2024-11-21 14:48 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200457
|
8.1 |
HIGH
Network
|
nim-lang
|
nim
|
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full veri…
|
CWE-295
Improper Certificate Validation
|
CVE-2021-21374
|
2024-11-21 14:48 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200458
|
5.9 |
MEDIUM
Network
|
nim-lang
|
nim
|
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In ca…
|
CWE-295
Improper Certificate Validation
|
CVE-2021-21373
|
2024-11-21 14:48 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200459
|
8.8 |
HIGH
Network
|
nim-lang
|
nim
|
Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitra…
|
CWE-78
OS Command
|
CVE-2021-21372
|
2024-11-21 14:48 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200460
|
8.8 |
HIGH
Network
|
buddypress
|
buddypress
|
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rig…
|
-
|
CVE-2021-21389
|
2024-11-21 14:48 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
