Axis Fosters Work-From-Home Momentum with Zero Trust Network Access

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-21657
PUBLISHED: 2021-05-25

Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2021-21658
PUBLISHED: 2021-05-25

Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2021-21659
PUBLISHED: 2021-05-25

Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2021-21660
PUBLISHED: 2021-05-25

Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter.

CVE-2021-23937
PUBLISHED: 2021-05-25

A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS lookup can be engineered to overload an internal DNS server or to slow…


