» 2021 » 5월

CVE-2020-36328

Posted on 2021년 5월 22일2021년 5월 22일 by admin

CVE-2020-36328

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Source: CVE-2020-36328

CVE-2018-25009

Posted on 2021년 5월 22일2021년 5월 22일 by admin

CVE-2018-25009

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.

Source: CVE-2018-25009

CVE-2020-36332

Posted on 2021년 5월 22일2021년 5월 22일 by admin

CVE-2020-36332

A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.

Source: CVE-2020-36332

CVE-2018-25011

Posted on 2021년 5월 22일2021년 5월 22일 by admin

CVE-2018-25011

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Source: CVE-2018-25011

CVE-2018-25010

Posted on 2021년 5월 22일2021년 5월 22일 by admin

CVE-2018-25010

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability.

Source: CVE-2018-25010

CVE-2018-25013

Posted on 2021년 5월 22일2021년 5월 22일 by admin

CVE-2018-25013

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability.

Source: CVE-2018-25013

CVE-2018-25012

Posted on 2021년 5월 22일2021년 5월 22일 by admin

CVE-2018-25012

Source: CVE-2018-25012

CVE-2018-25014

Posted on 2021년 5월 22일2021년 5월 22일 by admin

CVE-2018-25014

A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Source: CVE-2018-25014

CVE-2021-31475

Posted on 2021년 5월 22일2021년 5월 22일 by admin

CVE-2021-31475

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobRouterService WCF service. The issue is due to the WCF service configuration, which allows a critical resource to be accessed by unprivileged users. An attacker can leverage this vulnerability to execute code in the context of an administrator. Was ZDI-CAN-12007.

Source: CVE-2021-31475

CVE-2021-31474

Posted on 2021년 5월 22일2021년 5월 22일 by admin

CVE-2021-31474

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12213.

Source: CVE-2021-31474