|
200231
|
6.1 |
MEDIUM
Network
|
zte
|
mf971r_firmware
|
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.
|
CWE-79
Cross-site Scripting
|
CVE-2021-21747
|
2024-11-21 14:48 |
2021-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200232
|
6.1 |
MEDIUM
Network
|
zte
|
mf971r_firmware
|
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.
|
CWE-79
Cross-site Scripting
|
CVE-2021-21746
|
2024-11-21 14:48 |
2021-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200233
|
7.8 |
HIGH
Local
|
gonitro
|
nitro_pro
|
An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different…
|
CWE-415
Double Free
|
CVE-2021-21797
|
2024-11-21 14:48 |
2021-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200234
|
7.8 |
HIGH
Local
|
gonitro
|
nitro_pro
|
An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroye…
|
CWE-416
Use After Free
|
CVE-2021-21796
|
2024-11-21 14:48 |
2021-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200235
|
6.1 |
MEDIUM
Network
|
jenkins
|
git
|
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripti…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2021-21684
|
2024-11-21 14:48 |
2021-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200236
|
6.5 |
MEDIUM
Network
|
jenkins
|
jenkins
|
The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Ov…
|
CWE-22
Path Traversal
|
CVE-2021-21683
|
2024-11-21 14:48 |
2021-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200237
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Window…
|
NVD-CWE-noinfo
|
CVE-2021-21682
|
2024-11-21 14:48 |
2021-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200238
|
6.5 |
MEDIUM
Network
|
php
|
php
|
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when…
|
CWE-22
Path Traversal
|
CVE-2021-21706
|
2024-11-21 14:48 |
2021-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200239
|
5.3 |
MEDIUM
Network
|
php
netapp
oracle
|
php
clustered_data_ontap
sd-wan_aware
|
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid…
|
CWE-20
Improper Input Validation
|
CVE-2021-21705
|
2024-11-21 14:48 |
2021-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200240
|
5.9 |
MEDIUM
Network
|
php
netapp
|
php
clustered_data_ontap
|
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, …
|
CWE-787
Out-of-bounds Write
|
CVE-2021-21704
|
2024-11-21 14:48 |
2021-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
