CWE:
 

Nic nie znaleziono w bazie WLB2


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2021-11-12
Medium
CVE-2021-43578

Vendor: Jenkins
Software: Squash tm pu...
 

 
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.

 
2021-11-04
Medium
CVE-2021-21690

Vendor: Jenkins
Software: Jenkins
 

 
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

 
Medium
CVE-2021-21696

Vendor: Jenkins
Software: Jenkins
 

 
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process.

 
2021-09-09
Medium
CVE-2021-32835

Vendor: Eclipse
Software: KETI
 

 
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a sandbox escape vulnerability may lead to post-authentication Remote Code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063.

 
2021-08-31
Medium
CVE-2021-21678

Vendor: Jenkins
Software: SAML
 

 
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

 
Medium
CVE-2021-21679

Vendor: Jenkins
Software: Azure ad
 

 
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

 
2021-04-21
Medium
CVE-2021-21646

Vendor: Jenkins
Software: Templating e...
 

 
Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.

 
2021-03-29
High
CVE-2021-27245

Updating...
 

 
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-12309.

 
2020-12-14
Medium
CVE-2020-28396

Updating...
 

 
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a user´s browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information.

 
2020-09-18
Medium
CVE-2020-16198

Vendor: Philips
Software: Clinical col...
 

 
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top