Total: 210374 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-21700 | 1 Jenkins | 1 Scriptler | 2021-11-16 | 3.5 LOW | 5.4 MEDIUM | Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Scriptler scripts.
CVE-2021-21699 | 1 Jenkins | 1 Active Choices | 2021-11-16 | 3.5 LOW | 5.4 MEDIUM | Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2021-21701 | 1 Jenkins | 1 Performance | 2021-11-16 | 4.0 MEDIUM | 6.5 MEDIUM | Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2021-43576 | 1 Jenkins | 1 Pom2config | 2021-11-16 | 4.3 MEDIUM | 6.5 MEDIUM | Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
CVE-2021-43577 | 1 Jenkins | 1 Owasp Dependency-check | 2021-11-16 | 5.5 MEDIUM | 7.1 HIGH | Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2021-43578 | 1 Jenkins | 1 Squash Tm Publisher | 2021-11-16 | 5.5 MEDIUM | 8.1 HIGH | Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.
CVE-2021-43494 | 1 Codingforentrepreneurs | 1 Opencv Rest Api | 2021-11-16 | 5.0 MEDIUM | 7.5 HIGH | OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
CVE-2021-43496 | 1 Clustering Project | 1 Clustering | 2021-11-16 | 5.0 MEDIUM | 7.5 HIGH | Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
CVE-2021-3683 | 1 Showdoc | 1 Showdoc | 2021-11-16 | 4.3 MEDIUM | 6.5 MEDIUM | showdoc is vulnerable to Cross-Site Request Forgery (CSRF).
CVE-2021-3775 | 1 Showdoc | 1 Showdoc | 2021-11-16 | 5.8 MEDIUM | 5.4 MEDIUM | showdoc is vulnerable to Cross-Site Request Forgery (CSRF).
CVE-2021-3776 | 1 Showdoc | 1 Showdoc | 2021-11-16 | 5.8 MEDIUM | 5.4 MEDIUM | showdoc is vulnerable to Cross-Site Request Forgery (CSRF).
CVE-2021-42703 | 1 Advantech | 1 Webaccess Hmi Designer | 2021-11-16 | 4.3 MEDIUM | 6.1 MEDIUM | This vulnerability could allow an attacker to send malicious JavaScript code resulting in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser actions.
CVE-2021-3720 | 1 Lenovo | 4 Legion Phone2 Pro (L70081), Legion Phone2 Pro (L70081) Firmware, Legion Phone Pro (L79031) and 1 more | 2021-11-16 | 2.1 LOW | 5.5 MEDIUM | An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.
CVE-2021-38975 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2021-11-16 | 4.0 MEDIUM | 6.5 MEDIUM | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780.
CVE-2021-38974 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2021-11-16 | 4.0 MEDIUM | 6.5 MEDIUM | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779.
CVE-2021-43492 | 1 Alquistai | 1 Alquist | 2021-11-16 | 5.0 MEDIUM | 7.5 HIGH | AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
CVE-2021-38978 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2021-11-16 | 4.3 MEDIUM | 5.9 MEDIUM | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 212783.
CVE-2020-21141 | 1 Idreamsoft | 1 Icms | 2021-11-16 | 6.8 MEDIUM | 8.8 HIGH | iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.
CVE-2021-3945 | 1 Django-helpdesk Project | 1 Django-helpdesk | 2021-11-16 | 4.3 MEDIUM | 6.1 MEDIUM | django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
CVE-2021-3938 | 1 Snipeitapp | 1 Snipe-it | 2021-11-16 | 3.5 LOW | 5.4 MEDIUM | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').