» 2021 » 1월

CVE-2020-28405

Posted on 2021년 1월 29일2021년 1월 29일 by admin

CVE-2020-28405

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be used to grant himself the administrative role or remove all administrative accounts of the application.

Source: CVE-2020-28405

CVE-2020-28402

Posted on 2021년 1월 29일2021년 1월 29일 by admin

CVE-2020-28402

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel.

Source: CVE-2020-28402

CVE-2020-28403

Posted on 2021년 1월 29일2021년 1월 29일 by admin

CVE-2020-28403

A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself administrative role or remove the administrative account of the application.

Source: CVE-2020-28403

CVE-2020-28401

Posted on 2021년 1월 29일2021년 1월 29일 by admin

CVE-2020-28401

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.

Source: CVE-2020-28401

CVE-2021-3298

Posted on 2021년 1월 29일2021년 1월 29일 by admin

CVE-2021-3298

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.

Source: CVE-2021-3298

CVE-2019-25014

Posted on 2021년 1월 29일2021년 1월 29일 by admin

CVE-2019-25014

A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application).

Source: CVE-2019-25014

CVE-2021-3336

Posted on 2021년 1월 29일2021년 1월 29일 by admin

CVE-2021-3336

DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate).

Source: CVE-2021-3336

CVE-2021-26308

Posted on 2021년 1월 29일2021년 1월 29일 by admin

CVE-2021-26308

An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness.

Source: CVE-2021-26308

CVE-2021-26305

Posted on 2021년 1월 29일2021년 1월 29일 by admin

CVE-2021-26305

An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.

Source: CVE-2021-26305

CVE-2021-26306

Posted on 2021년 1월 29일2021년 1월 29일 by admin

CVE-2021-26306

An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods.

Source: CVE-2021-26306