|
199801
|
5.4 |
MEDIUM
Network
|
requarks
|
wiki.js
|
Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists du…
|
-
|
CVE-2021-21383
|
2024-11-21 14:48 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199802
|
8.8 |
HIGH
Network
|
jenkins
|
libvirt_agents
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains.
|
CWE-352
Origin Validation Error
|
CVE-2021-21627
|
2024-11-21 14:48 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199803
|
4.3 |
MEDIUM
Network
|
jenkins
|
warnings_next_generation
|
Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Wo…
|
CWE-862
Missing Authorization
|
CVE-2021-21626
|
2024-11-21 14:48 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199804
|
4.3 |
MEDIUM
Network
|
jenkins
|
cloudbees_aws_credentials
|
Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate crede…
|
CWE-862
Missing Authorization
|
CVE-2021-21625
|
2024-11-21 14:48 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199805
|
4.3 |
MEDIUM
Network
|
jenkins
|
role-based_authorization_strategy
|
An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Rea…
|
CWE-863
Incorrect Authorization
|
CVE-2021-21624
|
2024-11-21 14:48 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199806
|
6.5 |
MEDIUM
Network
|
jenkins
|
matrix_authorization_strategy
|
An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read …
|
CWE-863
Incorrect Authorization
|
CVE-2021-21623
|
2024-11-21 14:48 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199807
|
7.8 |
HIGH
Local
|
dell
|
supportassist_client_promanage
supportassist_for_home_pcs
supportassist_for_business_pcs
|
Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x co…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2021-21518
|
2024-11-21 14:48 |
2021-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199808
|
2.3 |
LOW
Local
|
zte
|
zxone_9700_firmware
zxone_8700_firmware
zxone_19700_firmware
|
Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges c…
|
CWE-20
Improper Input Validation
|
CVE-2021-21726
|
2024-11-21 14:48 |
2021-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199809
|
5.4 |
MEDIUM
Network
|
xwiki
|
xwiki
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the `{{wikimacrocontent}}` executes the content with t…
|
-
|
CVE-2021-21379
|
2024-11-21 14:48 |
2021-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199810
|
8.8 |
HIGH
Network
|
msgpack5_project
|
msgpack5
|
msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a "Prototype Poisoning" vulnerability. When msgpack5 decodes a map co…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-21368
|
2024-11-21 14:48 |
2021-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
