|
199961
|
7.8 |
HIGH
Local
|
shescape_project
|
shescape
|
shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection i…
|
-
|
CVE-2021-21384
|
2024-11-21 14:48 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199962
|
5.4 |
MEDIUM
Network
|
requarks
|
wiki.js
|
Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists du…
|
-
|
CVE-2021-21383
|
2024-11-21 14:48 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199963
|
8.8 |
HIGH
Network
|
jenkins
|
libvirt_agents
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains.
|
CWE-352
Origin Validation Error
|
CVE-2021-21627
|
2024-11-21 14:48 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199964
|
4.3 |
MEDIUM
Network
|
jenkins
|
warnings_next_generation
|
Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Wo…
|
CWE-862
Missing Authorization
|
CVE-2021-21626
|
2024-11-21 14:48 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199965
|
4.3 |
MEDIUM
Network
|
jenkins
|
cloudbees_aws_credentials
|
Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate crede…
|
CWE-862
Missing Authorization
|
CVE-2021-21625
|
2024-11-21 14:48 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199966
|
4.3 |
MEDIUM
Network
|
jenkins
|
role-based_authorization_strategy
|
An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Rea…
|
CWE-863
Incorrect Authorization
|
CVE-2021-21624
|
2024-11-21 14:48 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199967
|
6.5 |
MEDIUM
Network
|
jenkins
|
matrix_authorization_strategy
|
An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read …
|
CWE-863
Incorrect Authorization
|
CVE-2021-21623
|
2024-11-21 14:48 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199968
|
7.8 |
HIGH
Local
|
dell
|
supportassist_client_promanage
supportassist_for_home_pcs
supportassist_for_business_pcs
|
Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x co…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2021-21518
|
2024-11-21 14:48 |
2021-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199969
|
2.3 |
LOW
Local
|
zte
|
zxone_9700_firmware
zxone_8700_firmware
zxone_19700_firmware
|
Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges c…
|
CWE-20
Improper Input Validation
|
CVE-2021-21726
|
2024-11-21 14:48 |
2021-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199970
|
5.4 |
MEDIUM
Network
|
xwiki
|
xwiki
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the `{{wikimacrocontent}}` executes the content with t…
|
-
|
CVE-2021-21379
|
2024-11-21 14:48 |
2021-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
