|
199551
|
5.5 |
MEDIUM
Local
|
jenkins
|
nomad
|
Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins control…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2021-21681
|
2024-11-21 14:48 |
2021-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199552
|
7.1 |
HIGH
Network
|
jenkins
|
nested_view
|
Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks.
|
CWE-611
XXE
|
CVE-2021-21680
|
2024-11-21 14:48 |
2021-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199553
|
8.8 |
HIGH
Network
|
jenkins
|
azure_ad
|
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
|
CWE-352
Origin Validation Error
|
CVE-2021-21679
|
2024-11-21 14:48 |
2021-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199554
|
8.8 |
HIGH
Network
|
jenkins
|
saml
|
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
|
CWE-352
Origin Validation Error
|
CVE-2021-21678
|
2024-11-21 14:48 |
2021-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199555
|
8.8 |
HIGH
Network
|
jenkins
|
code_coverage_api
|
Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerabil…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-21677
|
2024-11-21 14:48 |
2021-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199556
|
9.8 |
CRITICAL
Network
|
zte
|
zxv10_m910_firmware
|
There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-21741
|
2024-11-21 14:48 |
2021-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199557
|
7.5 |
HIGH
Network
|
mz-automation
|
lib60870
|
A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. A specially crafted network request can lead to loss of communications.…
|
CWE-617
Reachable Assertion
|
CVE-2021-21778
|
2024-11-21 14:48 |
2021-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199558
|
3.3 |
LOW
Local
|
linux
oracle
|
linux_kernel
communications_cloud_native_core_binding_support_function
communications_cloud_native_core_policy
communications_cloud_native_core_network_exposure_function
|
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2021-21781
|
2024-11-21 14:48 |
2021-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199559
|
6.7 |
MEDIUM
Local
|
dell
|
emc_powerscale_onefs
|
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and es…
|
CWE-78
OS Command
|
CVE-2021-21599
|
2024-11-21 14:48 |
2021-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199560
|
6.7 |
MEDIUM
Local
|
dell
|
emc_powerscale_onefs
|
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privilege…
|
CWE-77
Command Injection
|
CVE-2021-21595
|
2024-11-21 14:48 |
2021-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
