[월:] 2021년 04월

CVE-2021-25811

Posted on by admin

CVE-2021-25811

MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listen_http_lan parameter to uhttpd.json is manually fixed.

Source: CVE-2021-25811

CVE-2021-20294

Posted on by admin

CVE-2021-20294

A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.

Source: CVE-2021-20294

CVE-2021-27802

Posted on by admin

CVE-2021-27802

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-24177. Reason: This candidate is a duplicate of CVE-2021-24177. Notes: All CVE users should reference CVE-2021-24177 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Source: CVE-2021-27802

CVE-2021-20228

Posted on by admin

CVE-2021-20228

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

Source: CVE-2021-20228