|
200201
|
8.8 |
HIGH
Network
|
smarty
debian
fedoraproject
|
smarty
debian_linux
fedora
|
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static ph…
|
-
|
CVE-2021-21408
|
2024-11-21 14:48 |
2022-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200202
|
8.1 |
HIGH
Network
|
zte
|
zxin10_cms
|
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high …
|
NVD-CWE-noinfo
|
CVE-2021-21751
|
2024-11-21 14:48 |
2021-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200203
|
7.8 |
HIGH
Local
|
zte
|
zxin10_cms
|
ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit t…
|
CWE-269
Improper Privilege Management
|
CVE-2021-21750
|
2024-11-21 14:48 |
2021-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200204
|
5.3 |
MEDIUM
Network
|
php
netapp
debian
tenable
|
php
clustered_data_ontap
debian_linux
tenable.sc
|
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename cont…
|
NVD-CWE-Other
|
CVE-2021-21707
|
2024-11-21 14:48 |
2021-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200205
|
5.5 |
MEDIUM
Local
|
dell
|
emc_powerscale_onefs
|
Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain…
|
-
|
CVE-2021-21561
|
2024-11-21 14:48 |
2021-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200206
|
7.5 |
HIGH
Network
|
dell
|
emc_powerscale_onefs
|
Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous v…
|
NVD-CWE-Other
|
CVE-2021-21528
|
2024-11-21 14:48 |
2021-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200207
|
6.5 |
MEDIUM
Network
|
jenkins
|
performance
|
Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
|
CWE-611
XXE
|
CVE-2021-21701
|
2024-11-21 14:48 |
2021-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200208
|
5.4 |
MEDIUM
Network
|
jenkins
|
scriptler
|
Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitabl…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21700
|
2024-11-21 14:48 |
2021-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200209
|
5.4 |
MEDIUM
Network
|
jenkins
|
active_choices
|
Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerabil…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21699
|
2024-11-21 14:48 |
2021-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200210
|
7.5 |
HIGH
Network
|
jenkins
|
subversion
|
Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.
|
CWE-22
Path Traversal
|
CVE-2021-21698
|
2024-11-21 14:48 |
2021-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
