» 2021 » 3월

CVE-2021-29133

Posted on 2021년 3월 24일2021년 3월 24일 by admin

CVE-2021-29133

Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem.

Source: CVE-2021-29133

CVE-2021-28967

Posted on 2021년 3월 24일2021년 3월 24일 by admin

CVE-2021-28967

The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings.

Source: CVE-2021-28967

CVE-2020-13611

Posted on 2021년 3월 24일2021년 3월 24일 by admin

CVE-2020-13611

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Source: CVE-2020-13611

CVE-2021-21380

Posted on 2021년 3월 24일2021년 3월 24일 by admin

CVE-2021-21380

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki would be to uninstall the Ratings API in XWiki from the Extension Manager.

Source: CVE-2021-21380