|
199771
|
7.8 |
HIGH
Local
|
zte
|
zxin10_cms
|
ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit t…
|
CWE-269
Improper Privilege Management
|
CVE-2021-21750
|
2024-11-21 14:48 |
2021-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199772
|
5.3 |
MEDIUM
Network
|
php
netapp
debian
tenable
|
php
clustered_data_ontap
debian_linux
tenable.sc
|
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename cont…
|
NVD-CWE-Other
|
CVE-2021-21707
|
2024-11-21 14:48 |
2021-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199773
|
5.5 |
MEDIUM
Local
|
dell
|
emc_powerscale_onefs
|
Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain…
|
-
|
CVE-2021-21561
|
2024-11-21 14:48 |
2021-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199774
|
7.5 |
HIGH
Network
|
dell
|
emc_powerscale_onefs
|
Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous v…
|
NVD-CWE-Other
|
CVE-2021-21528
|
2024-11-21 14:48 |
2021-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199775
|
6.5 |
MEDIUM
Network
|
jenkins
|
performance
|
Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
|
CWE-611
XXE
|
CVE-2021-21701
|
2024-11-21 14:48 |
2021-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199776
|
5.4 |
MEDIUM
Network
|
jenkins
|
scriptler
|
Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitabl…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21700
|
2024-11-21 14:48 |
2021-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199777
|
5.4 |
MEDIUM
Network
|
jenkins
|
active_choices
|
Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerabil…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21699
|
2024-11-21 14:48 |
2021-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199778
|
7.5 |
HIGH
Network
|
jenkins
|
subversion
|
Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.
|
CWE-22
Path Traversal
|
CVE-2021-21698
|
2024-11-21 14:48 |
2021-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199779
|
9.1 |
CRITICAL
Network
|
jenkins
|
jenkins
|
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.
|
NVD-CWE-Other
|
CVE-2021-21697
|
2024-11-21 14:48 |
2021-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199780
|
9.8 |
CRITICAL
Network
|
jenkins
|
jenkins
|
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control o…
|
NVD-CWE-Other
|
CVE-2021-21696
|
2024-11-21 14:48 |
2021-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
