Skip to main content
CVE-2021-21635 MEDIUM PATCH This Month

Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Rest List Parameter
NVD
CVSS 3.1
5.4
EPSS
8.8%
CVE-2021-21630 MEDIUM PATCH This Month

Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Extra Columns
NVD
CVSS 3.1
5.4
EPSS
72.4%
CVE-2021-21628 MEDIUM PATCH This Month

Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Build With Parameters
NVD
CVSS 3.1
5.4
EPSS
81.9%
CVE-2021-29642 MEDIUM PATCH This Month

GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which leads to leakage of GitHub access tokens. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Gistpad
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-3476 MEDIUM PATCH This Month

A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Openexr Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-3475 MEDIUM PATCH This Month

There is a flaw in OpenEXR in versions before 3.0.0-beta. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Openexr Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-3474 MEDIUM PATCH This Month

There's a flaw in OpenEXR in versions before 3.0.0-beta. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Openexr Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-29418 MEDIUM PATCH This Month

The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Authentication Bypass Netmask
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-21636 MEDIUM This Month

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Team Foundation Server
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-21631 MEDIUM PATCH This Month

Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Cloud Statistics
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-27266 LOW Monitor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
3.3
EPSS
2.2%
CVE-2021-27265 LOW Monitor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
3.3
EPSS
2.0%
CVE-2021-27264 LOW Monitor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
3.3
EPSS
2.2%
CVE-2021-27263 LOW Monitor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
3.3
EPSS
2.9%
CVE-2021-27262 LOW Monitor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
3.3
EPSS
2.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy