» 2021 » 1월

CVE-2021-25125

Posted on 2021년 1월 30일2021년 1월 30일 by admin

CVE-2021-25125

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice delsolrecordedvideo_func function path traversal vulnerability.

Source: CVE-2021-25125

CVE-2021-25124

Posted on 2021년 1월 30일2021년 1월 30일 by admin

CVE-2021-25124

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability.

Source: CVE-2021-25124

CVE-2020-24670

Posted on 2021년 1월 30일2021년 1월 30일 by admin

CVE-2020-24670

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘type’ attribute of ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.

Source: CVE-2020-24670

CVE-2020-24669

Posted on 2021년 1월 30일2021년 1월 30일 by admin

CVE-2020-24669

The New Analysis Report in Hitachi Vantara Pentaho through 7.x – 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘Analysis Report Description’ field in ‘About this Report’ section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA.

Source: CVE-2020-24669

CVE-2020-24666

Posted on 2021년 1월 30일2021년 1월 30일 by admin

CVE-2020-24666

The Analysis Report in Hitachi Vantara Pentaho through 7.x – 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘Display Name’ parameter. Remediated in >= 9.1.0.1

Source: CVE-2020-24666

CVE-2020-24664

Posted on 2021년 1월 30일2021년 1월 30일 by admin

CVE-2020-24664

The dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘pho:title’ attribute of ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.

Source: CVE-2020-24664

CVE-2020-24665

Posted on 2021년 1월 30일2021년 1월 30일 by admin

CVE-2020-24665

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA

Source: CVE-2020-24665

CVE-2021-3347

Posted on 2021년 1월 30일2021년 1월 30일 by admin

CVE-2021-3347

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.

Source: CVE-2021-3347

CVE-2021-3346

Posted on 2021년 1월 30일2021년 1월 30일 by admin

CVE-2021-3346

Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template.

Source: CVE-2021-3346

CVE-2021-23328

Posted on 2021년 1월 30일2021년 1월 30일 by admin

CVE-2021-23328

This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

Source: CVE-2021-23328