» 2021 » 3월

CVE-2020-26155

Posted on 2021년 3월 19일2021년 3월 19일 by admin

CVE-2020-26155

Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack.

Source: CVE-2020-26155

CVE-2021-28796

Posted on 2021년 3월 19일2021년 3월 19일 by admin

CVE-2021-28796

Increments Qiita::Markdown before 0.33.0 allows XSS in transformers.

Source: CVE-2021-28796

CVE-2021-28794

Posted on 2021년 3월 19일2021년 3월 19일 by admin

CVE-2021-28794

The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath.

Source: CVE-2021-28794

CVE-2021-28790

Posted on 2021년 3월 19일2021년 3월 19일 by admin

CVE-2021-28790

The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the workspace.

Source: CVE-2021-28790

CVE-2021-28789

Posted on 2021년 3월 19일2021년 3월 19일 by admin

CVE-2021-28789

The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace.

Source: CVE-2021-28789

CVE-2021-28145

Posted on 2021년 3월 19일2021년 3월 19일 by admin

CVE-2021-28145

Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges.

Source: CVE-2021-28145

CVE-2021-28792

Posted on 2021년 3월 19일2021년 3월 19일 by admin

CVE-2021-28792

The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite, swift.path.sourcekiteDockerMode, swift.path.swift_driver_bin, or swift.path.shell configuration value that triggers execution upon opening the workspace.

Source: CVE-2021-28792

CVE-2021-26216

Posted on 2021년 3월 19일2021년 3월 19일 by admin

CVE-2021-26216

SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.

Source: CVE-2021-26216

CVE-2021-26215

Posted on 2021년 3월 19일2021년 3월 19일 by admin

CVE-2021-26215

SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.

Source: CVE-2021-26215

CVE-2021-28791

Posted on 2021년 3월 19일2021년 3월 19일 by admin

CVE-2021-28791

The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the workspace.

Source: CVE-2021-28791