Tag: #perl

CVE-2021-21603: Jenkins Security Advisory 2021-01-13

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.

CVE-2021-21611: Jenkins Security Advisory 2021-01-13

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types.

CVE-2021-21608: Jenkins Security Advisory 2021-01-13

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.

CVE-2021-21613: Jenkins Security Advisory 2021-01-13

Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content.

CVE-2021-21605: Jenkins Security Advisory 2021-01-13

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.

CVE-2021-21465

The BW Database Interface allows an attacker with low privileges to execute arbitrary crafted database queries, exposing the backend database. An attacker can include their own SQL commands, which the database executes without properly sanitizing the untrusted data, leading to a SQL injection vulnerability that can fully compromise the affected SAP system.

CVE-2021-23239: Stable Release

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

CVE-2020-35896: Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory › RustSec Advisory Database

An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack.

CVE-2020-35769: Always use IPv6 if a v6 address was given https://github.com/webmin/w… · webmin/webmin@1163f3a

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.

CVE-2020-35680: smtpd's filter state machine can prematurely release resources · openbsd/src@6c32204

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.