» 2021 » 5월

CVE-2021-21657

Posted on 2021년 5월 26일2021년 5월 26일 by admin

CVE-2021-21657

Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Source: CVE-2021-21657

CVE-2021-21660

Posted on 2021년 5월 26일2021년 5월 26일 by admin

CVE-2021-21660

Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter.

Source: CVE-2021-21660

CVE-2021-21658

Posted on 2021년 5월 26일2021년 5월 26일 by admin

CVE-2021-21658

Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Source: CVE-2021-21658

CVE-2021-21659

Posted on 2021년 5월 26일2021년 5월 26일 by admin

CVE-2021-21659

Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Source: CVE-2021-21659

CVE-2020-13603

Posted on 2021년 5월 26일2021년 5월 26일 by admin

CVE-2020-13603

Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45

Source: CVE-2020-13603

CVE-2020-10064

Posted on 2021년 5월 26일2021년 5월 26일 by admin

CVE-2020-10064

Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7

Source: CVE-2020-10064

CVE-2020-10065

Posted on 2021년 5월 26일2021년 5월 26일 by admin

CVE-2020-10065

Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c

Source: CVE-2020-10065

CVE-2020-10066

Posted on 2021년 5월 26일2021년 5월 26일 by admin

CVE-2020-10066

Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= v1.14.2, >= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr

Source: CVE-2020-10066

CVE-2020-10069

Posted on 2021년 5월 26일2021년 5월 26일 by admin

CVE-2020-10069

Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp

Source: CVE-2020-10069

CVE-2020-10072

Posted on 2021년 5월 26일2021년 5월 26일 by admin

CVE-2020-10072

Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc

Source: CVE-2020-10072