|
199861
|
9.8 |
CRITICAL
Network
|
openmage
|
magento
|
Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured dese…
|
-
|
CVE-2021-21426
|
2024-11-21 14:48 |
2021-04-22 |
|
|
|
|
199862
|
4.3 |
MEDIUM
Network
|
jenkins
|
cloudbees_cd
|
Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item…
|
-
|
CVE-2021-21647
|
2024-11-21 14:48 |
2021-04-22 |
|
|
|
|
199863
|
8.8 |
HIGH
Network
|
jenkins
|
templating_engine
|
Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code …
|
-
|
CVE-2021-21646
|
2024-11-21 14:48 |
2021-04-22 |
|
|
|
|
199864
|
4.3 |
MEDIUM
Network
|
jenkins
|
config_file_provider
|
Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate configuration file IDs.
|
-
|
CVE-2021-21645
|
2024-11-21 14:48 |
2021-04-22 |
|
|
|
|
199865
|
5.4 |
MEDIUM
Network
|
jenkins
|
config_file_provider
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID.
|
CWE-352
Origin Validation Error
|
CVE-2021-21644
|
2024-11-21 14:48 |
2021-04-22 |
|
|
|
|
199866
|
6.5 |
MEDIUM
Network
|
jenkins
|
config_file_provider
|
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate syst…
|
-
|
CVE-2021-21643
|
2024-11-21 14:48 |
2021-04-22 |
|
|
|
|
199867
|
8.1 |
HIGH
Network
|
jenkins
|
config_file_provider
|
Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
|
CWE-611
XXE
|
CVE-2021-21642
|
2024-11-21 14:48 |
2021-04-22 |
|
|
|
|
199868
|
6.7 |
MEDIUM
Local
|
dell
|
powerscale_onefs
|
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root.
|
CWE-78
OS Command
|
CVE-2021-21526
|
2024-11-21 14:48 |
2021-04-21 |
|
|
|
|
199869
|
7.5 |
HIGH
Network
|
filecoin
|
lotus
|
Lotus is an implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses the blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized"…
|
-
|
CVE-2021-21405
|
2024-11-21 14:48 |
2021-04-16 |
|
|
|
|
199870
|
7.5 |
HIGH
Network
|
ampache
|
ampache
|
Ampache is a web-based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you …
|
CWE-287
Improper Authentication
|
CVE-2021-21399
|
2024-11-21 14:48 |
2021-04-14 |
|
|
|