|
199531
|
4.3 |
MEDIUM
Network
|
otrs
|
faq
otrs
|
Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions.
|
CWE-276
Incorrect Default Permissions
|
CVE-2021-21438
|
2024-11-21 14:48 |
2021-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199532
|
4.3 |
MEDIUM
Network
|
otrs
|
itsmconfigurationmanagement
otrscisincustomerfrontend
|
Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagem…
|
CWE-862
Missing Authorization
|
CVE-2021-21437
|
2024-11-21 14:48 |
2021-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199533
|
5.9 |
MEDIUM
Network
|
minio
|
minio
|
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnera…
|
CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
|
CVE-2021-21390
|
2024-11-21 14:48 |
2021-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199534
|
7.5 |
HIGH
Network
|
wrongthink
|
wrongthink
|
Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryp…
|
-
|
CVE-2021-21387
|
2024-11-21 14:48 |
2021-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199535
|
7.8 |
HIGH
Local
|
shescape_project
|
shescape
|
shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection i…
|
-
|
CVE-2021-21384
|
2024-11-21 14:48 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199536
|
5.4 |
MEDIUM
Network
|
requarks
|
wiki.js
|
Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists du…
|
-
|
CVE-2021-21383
|
2024-11-21 14:48 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199537
|
8.8 |
HIGH
Network
|
jenkins
|
libvirt_agents
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains.
|
CWE-352
Origin Validation Error
|
CVE-2021-21627
|
2024-11-21 14:48 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199538
|
4.3 |
MEDIUM
Network
|
jenkins
|
warnings_next_generation
|
Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Wo…
|
CWE-862
Missing Authorization
|
CVE-2021-21626
|
2024-11-21 14:48 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199539
|
4.3 |
MEDIUM
Network
|
jenkins
|
cloudbees_aws_credentials
|
Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate crede…
|
CWE-862
Missing Authorization
|
CVE-2021-21625
|
2024-11-21 14:48 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199540
|
4.3 |
MEDIUM
Network
|
jenkins
|
role-based_authorization_strategy
|
An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Rea…
|
CWE-863
Incorrect Authorization
|
CVE-2021-21624
|
2024-11-21 14:48 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
