|
199541
|
6.5 |
MEDIUM
Network
|
jenkins
|
matrix_authorization_strategy
|
An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read …
|
CWE-863
Incorrect Authorization
|
CVE-2021-21623
|
2024-11-21 14:48 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199542
|
7.8 |
HIGH
Local
|
dell
|
supportassist_client_promanage
supportassist_for_home_pcs
supportassist_for_business_pcs
|
Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x co…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2021-21518
|
2024-11-21 14:48 |
2021-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199543
|
2.3 |
LOW
Local
|
zte
|
zxone_9700_firmware
zxone_8700_firmware
zxone_19700_firmware
|
Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges c…
|
CWE-20
Improper Input Validation
|
CVE-2021-21726
|
2024-11-21 14:48 |
2021-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199544
|
5.4 |
MEDIUM
Network
|
xwiki
|
xwiki
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the `{{wikimacrocontent}}` executes the content with t…
|
-
|
CVE-2021-21379
|
2024-11-21 14:48 |
2021-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199545
|
8.8 |
HIGH
Network
|
msgpack5_project
|
msgpack5
|
msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a "Prototype Poisoning" vulnerability. When msgpack5 decodes a map co…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-21368
|
2024-11-21 14:48 |
2021-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199546
|
8.1 |
HIGH
Adjacent
|
elementary
fedoraproject
|
switchboard_bluetooth_plug
fedora
|
Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running (in discoverable mode…
|
-
|
CVE-2021-21367
|
2024-11-21 14:48 |
2021-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199547
|
4.3 |
MEDIUM
Network
|
xmldom_project
debian
|
xmldom
debian_linux
|
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespa…
|
-
|
CVE-2021-21366
|
2024-11-21 14:48 |
2021-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199548
|
8.2 |
HIGH
Local
|
flatpak
debian
fedoraproject
|
flatpak
debian_linux
fedora
|
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forward…
|
-
|
CVE-2021-21381
|
2024-11-21 14:48 |
2021-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199549
|
8.2 |
HIGH
Network
|
envoyproxy
|
envoy
|
Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider …
|
CWE-287
Improper Authentication
|
CVE-2021-21378
|
2024-11-21 14:48 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199550
|
5.5 |
MEDIUM
Local
|
smartbear
|
swagger-codegen
|
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger defi…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2021-21364
|
2024-11-21 14:48 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
