Lucene search
K

140 matches found

NVD
NVD
added 2021/03/30 12:16 p.m.21 views

CVE-2021-21636

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...

4.3CVSS0.00786EPSS
Exploits0References2
OSV
OSV
added 2021/03/30 12:16 p.m.15 views

CVE-2021-21638

A cross-site request forgery CSRF vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS6.5AI score
Exploits0References2
NVD
NVD
added 2021/03/30 12:16 p.m.32 views

CVE-2021-21638

A cross-site request forgery CSRF vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS0.00832EPSS
Exploits0References2
Prion
Prion
added 2021/03/30 12:16 p.m.17 views

Information disclosure

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...

4CVSS4.4AI score0.00786EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/03/30 12:16 p.m.22 views

Design/Logic Flaw

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4CVSS6.3AI score0.00972EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/03/30 11:10 a.m.36 views

CVE-2021-21638

A cross-site request forgery CSRF vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.9AI score0.00832EPSS
Exploits0References2
CVE
CVE
added 2021/03/30 11:10 a.m.89 views

CVE-2021-21637

CVE-2021-21637 affects the Jenkins Team Foundation Server Plugin (versions 5.157.1 and earlier). The underlying issue is a missing permission check, which allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs stored in Jenki...

6.5CVSS6.2AI score0.00972EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2021/03/30 11:10 a.m.22 views

CVE-2021-21637

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS4.6AI score0.00972EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.18 views

Oracle Access Manager Webgate Information Disclosure (Oct 2020 CPU)

Binary data oracleaccessmanagerwebgatecve201811058.nbin...

9.8CVSS7.3AI score0.04012EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/03/02 12:0 a.m.7 views

The vulnerability of the Web Server Plugin component of the Oracle Access Manager software, which allows attackers to create, delete, or modify access rights to protected information, or gain read-only access to data.

The vulnerability of the Web Server Plugin component of the Oracle Access Manager software component of the Oracle Fusion Middleware platform is related to the lack of protection for operational data. Exploiting this vulnerability could allow an attacker to create, delete, or modify access rights...

7.8CVSS7.2AI score0.02048EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2021/02/24 5:15 p.m.2 views

CVE-2021-21972

The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...

9.8CVSS7.9AI score0.9957EPSS
Exploits47References5
NVD
NVD
added 2021/02/24 5:15 p.m.52 views

CVE-2021-21972

The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...

10CVSS0.9957EPSS
Exploits47References5
OSV
OSV
added 2021/02/24 5:15 p.m.4 views

CVE-2021-21973

The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...

5.3CVSS7AI score0.88012EPSS
Exploits8References2
NVD
NVD
added 2021/02/24 5:15 p.m.28 views

CVE-2021-21973

The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...

5.3CVSS0.88012EPSS
Exploits8References2
Cvelist
Cvelist
added 2021/02/24 4:42 p.m.43 views

CVE-2021-21972

The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...

10AI score0.9957EPSS
Exploits47References4
Cvelist
Cvelist
added 2021/02/24 4:42 p.m.33 views

CVE-2021-21973

The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...

5.8AI score0.88012EPSS
Exploits8References1
ATTACKERKB
ATTACKERKB
added 2021/02/24 12:0 a.m.56 views

CVE-2021-21973

The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...

5.3CVSS2.5AI score0.88012EPSS
In wildExploits8References2
ATTACKERKB
ATTACKERKB
added 2021/02/24 12:0 a.m.337 views

VMware vSphere Client Unauth Remote Code Execution Vulnerability — CVE-2021-21972

The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...

10CVSS10AI score0.9957EPSS
In wildExploits47References6
OSV
OSV
added 2020/09/01 2:15 p.m.14 views

CVE-2020-2249

Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...

3.3CVSS6.6AI score
Exploits0References2
CVE
CVE
added 2020/09/01 1:50 p.m.78 views

CVE-2020-2249

CVE-2020-2249 affects Jenkins Team Foundation Server Plugin versions 5.157.1 and earlier, where a webhook secret is stored unencrypted in the plugin’s global configuration file (hudson.plugins.tfs.TeamPluginGlobalConfig.xml) on the Jenkins controller file system. This allows attackers with local ...

3.3CVSS3.9AI score0.00257EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder