|
200411
|
7.0 |
HIGH
Local
|
adobe
|
illustrator
|
Adobe Illustrator version 25.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this …
|
-
|
CVE-2021-21007
|
2024-11-21 14:47 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200412
|
8.6 |
HIGH
Local
|
adobe
|
photoshop
|
Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Successful exploitation could lead to arbitrary code execut…
|
-
|
CVE-2021-21006
|
2024-11-21 14:47 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200413
|
5.3 |
MEDIUM
Network
|
laravel
|
laravel
|
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which …
|
CWE-89
SQL Injection
|
CVE-2021-21263
|
2024-11-21 14:47 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200414
|
8.8 |
HIGH
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint…
|
-
|
CVE-2021-21251
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200415
|
6.5 |
MEDIUM
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpec is provided in XML format, the spec is…
|
-
|
CVE-2021-21250
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200416
|
8.8 |
HIGH
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is an issue involving YAML parsing which can lead to post-auth remote code execution. In order to parse and process YAML…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-21249
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200417
|
8.8 |
HIGH
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build s…
|
CWE-94
Code Injection
|
CVE-2021-21248
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200418
|
8.8 |
HIGH
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener (`AbstractPostAjaxBehavior`) in all pages other than the login pag…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-21247
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200419
|
7.5 |
HIGH
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However …
|
-
|
CVE-2021-21246
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200420
|
7.5 |
HIGH
Network
|
jqueryvalidation
netapp
|
jquery_validation
snapcenter
|
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more r…
|
-
|
CVE-2021-21252
|
2024-11-21 14:47 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
