|
200221
|
9.1 |
CRITICAL
Network
|
jenkins
|
jenkins
|
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.
|
CWE-862
Missing Authorization
|
CVE-2021-21687
|
2024-11-21 14:48 |
2021-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200222
|
8.1 |
HIGH
Network
|
jenkins
|
jenkins
|
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outsid…
|
CWE-59
Link Following
|
CVE-2021-21686
|
2024-11-21 14:48 |
2021-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200223
|
9.1 |
CRITICAL
Network
|
jenkins
|
jenkins
|
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs.
|
CWE-862
Missing Authorization
|
CVE-2021-21685
|
2024-11-21 14:48 |
2021-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200224
|
5.4 |
MEDIUM
Network
|
galette
|
galette
|
Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscript…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21319
|
2024-11-21 14:48 |
2021-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200225
|
7.0 |
HIGH
Local
|
php
debian
fedoraproject
netapp
oracle
|
php
debian_linux
fedora
clustered_data_ontap
communications_diameter_signaling_router
|
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running …
|
CWE-787
Out-of-bounds Write
|
CVE-2021-21703
|
2024-11-21 14:48 |
2021-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200226
|
9.8 |
CRITICAL
Network
|
zte
|
mf971r_firmware
|
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.
|
CWE-787
Out-of-bounds Write
|
CVE-2021-21749
|
2024-11-21 14:48 |
2021-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200227
|
9.8 |
CRITICAL
Network
|
zte
|
mf971r_firmware
|
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.
|
CWE-787
Out-of-bounds Write
|
CVE-2021-21748
|
2024-11-21 14:48 |
2021-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200228
|
4.3 |
MEDIUM
Network
|
zte
|
mf971r_firmware
|
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a reque…
|
CWE-352
Origin Validation Error
|
CVE-2021-21745
|
2024-11-21 14:48 |
2021-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200229
|
7.5 |
HIGH
Network
|
zte
|
mf971r_firmware
|
ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of th…
|
NVD-CWE-noinfo
|
CVE-2021-21744
|
2024-11-21 14:48 |
2021-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200230
|
4.3 |
MEDIUM
Network
|
zte
|
mf971r_firmware
|
ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.
|
CWE-74
Injection
|
CVE-2021-21743
|
2024-11-21 14:48 |
2021-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
