» 2021 » 5월

CVE-2020-19924

Posted on 2021년 5월 19일2021년 5월 19일 by admin

CVE-2020-19924

In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks.

Source: CVE-2020-19924

CVE-2021-31323

Posted on 2021년 5월 19일2021년 5월 19일 by admin

CVE-2021-31323

Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LottieParserImpl::parseDashProperty function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker.

Source: CVE-2021-31323

CVE-2020-20227

Posted on 2021년 5월 19일2021년 5월 19일 by admin

CVE-2020-20227

Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.

Source: CVE-2020-20227

CVE-2020-20220

Posted on 2021년 5월 19일2021년 5월 19일 by admin

CVE-2020-20220

Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Source: CVE-2020-20220

CVE-2021-31315

Posted on 2021년 5월 19일2021년 5월 19일 by admin

CVE-2021-31315

Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the blit function of their custom fork of the rlottie library. A remote attacker might be able to access Telegram’s stack memory out-of-bounds on a victim device via a malicious animated sticker.

Source: CVE-2021-31315

CVE-2021-31317

Posted on 2021년 5월 19일2021년 5월 19일 by admin

CVE-2021-31317

Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to access Telegram’s heap memory out-of-bounds on a victim device via a malicious animated sticker.

Source: CVE-2021-31317

CVE-2021-31316

Posted on 2021년 5월 19일2021년 5월 19일 by admin

CVE-2021-31316

The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the ‘idsession’ HTTP POST parameter.

Source: CVE-2021-31316

CVE-2021-31319

Posted on 2021년 5월 19일2021년 5월 19일 by admin

CVE-2021-31319

Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by an Integer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker.

Source: CVE-2021-31319

CVE-2021-31318

Posted on 2021년 5월 19일2021년 5월 19일 by admin

CVE-2021-31318

Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker.

Source: CVE-2021-31318

CVE-2021-31321

Posted on 2021년 5월 19일2021년 5월 19일 by admin

CVE-2021-31321

Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote attacker might be able to overwrite Telegram’s stack memory out-of-bounds on a victim device via a malicious animated sticker.

Source: CVE-2021-31321