|
199591
|
7.2 |
HIGH
Network
|
dell
|
emc_srs_policy_manager
|
SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A re…
|
CWE-611
XXE
|
CVE-2021-21517
|
2024-11-21 14:48 |
2021-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199592
|
5.4 |
MEDIUM
Network
|
dell
|
emc_sourceone
|
Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user sessio…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21515
|
2024-11-21 14:48 |
2021-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199593
|
4.4 |
MEDIUM
Local
|
zte
|
zxr10_8900e_firmware
|
A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optica…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2021-21724
|
2024-11-21 14:48 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199594
|
6.1 |
MEDIUM
Network
|
aiohttp
debian
fedoraproject
|
aiohttp
debian_linux
fedora
|
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based…
|
-
|
CVE-2021-21330
|
2024-11-21 14:48 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199595
|
5.3 |
MEDIUM
Network
|
vapor_project
|
vapor
|
Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. s…
|
-
|
CVE-2021-21328
|
2024-11-21 14:48 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199596
|
5.4 |
MEDIUM
Network
|
jenkins
|
artifact_repository_parameter
|
Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21622
|
2024-11-21 14:48 |
2021-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199597
|
5.3 |
MEDIUM
Network
|
jenkins
|
support_core
|
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID …
|
CWE-200
Information Exposure
|
CVE-2021-21621
|
2024-11-21 14:48 |
2021-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199598
|
4.3 |
MEDIUM
Network
|
jenkins
|
claim
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims.
|
CWE-352
Origin Validation Error
|
CVE-2021-21620
|
2024-11-21 14:48 |
2021-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199599
|
5.4 |
MEDIUM
Network
|
jenkins
|
claim
|
Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the disp…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21619
|
2024-11-21 14:48 |
2021-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199600
|
5.4 |
MEDIUM
Network
|
jenkins
|
repository_connector
|
Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by a…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21618
|
2024-11-21 14:48 |
2021-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
