Export limit exceeded: 349538 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 80179 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80179 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-21652 | 1 Jenkins | 1 Xray - Test Management For Jira | 2024-11-21 | 7.1 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2021-21646 | 1 Jenkins | 1 Templating Engine | 2024-11-21 | 8.8 High |
| Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. | ||||
| CVE-2021-21642 | 2 Jenkins, Redhat | 3 Config File Provider, Openshift, Rhmt | 2024-11-21 | 8.1 High |
| Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2021-21638 | 1 Jenkins | 1 Team Foundation Server | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2021-21633 | 1 Jenkins | 1 Owasp Dependency-track | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | ||||
| CVE-2021-21629 | 1 Jenkins | 1 Build With Parameters | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters. | ||||
| CVE-2021-21627 | 1 Jenkins | 1 Libvirt Agents | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains. | ||||
| CVE-2021-21617 | 1 Jenkins | 1 Configuration Slicing | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations. | ||||
| CVE-2021-21605 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 8.0 High |
| Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file. | ||||
| CVE-2021-21604 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 8.0 High |
| Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator. | ||||
| CVE-2021-21601 | 1 Dell | 2 Emc Data Protection Search, Emc Integrated Data Protection Appliance | 2024-11-21 | 8.8 High |
| Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. | ||||
| CVE-2021-21597 | 1 Dell | 4 Wyse 3040 Thin Client, Wyse 5070 Thin Client, Wyse 5470 Thin Client and 1 more | 2024-11-21 | 7.2 High |
| Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authenticated malicious user with physical access to the system could exploit this vulnerability to read sensitive information written to the log files. | ||||
| CVE-2021-21594 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 8.2 High |
| Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity. | ||||
| CVE-2021-21586 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 8.1 High |
| Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system. | ||||
| CVE-2021-21584 | 1 Dell | 2 Openmanage Enterprise, Openmanage Enterprise-modular | 2024-11-21 | 7.7 High |
| Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials. | ||||
| CVE-2021-21574 | 1 Dell | 256 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3990 and 253 more | 2024-11-21 | 7.2 High |
| Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. | ||||
| CVE-2021-21573 | 1 Dell | 256 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3990 and 253 more | 2024-11-21 | 7.2 High |
| Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. | ||||
| CVE-2021-21572 | 1 Dell | 256 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3990 and 253 more | 2024-11-21 | 7.2 High |
| Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. | ||||
| CVE-2021-21561 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 7.8 High |
| Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files. | ||||
| CVE-2021-21559 | 1 Dell | 1 Emc Networker | 2024-11-21 | 7.1 High |
| Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in order to communicate with the application server. An unauthenticated attacker in the same network collision domain as the NetWorker Management Console client could potentially exploit this vulnerability to perform man-in-the-middle attacks to intercept and tamper the traffic between the client and the application server. | ||||