» 2021 » 6월

CVE-2020-18442

Posted on 2021년 6월 19일2021년 6월 19일 by admin

CVE-2020-18442

Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".

Source: CVE-2020-18442

CVE-2005-2795

Posted on 2021년 6월 19일2021년 6월 19일 by admin

CVE-2005-2795

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Source: CVE-2005-2795

CVE-2021-32956

Posted on 2021년 6월 18일2021년 6월 19일 by admin

CVE-2021-32956

Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.

Source: CVE-2021-32956

CVE-2021-32954

Posted on 2021년 6월 18일2021년 6월 19일 by admin

CVE-2021-32954

Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.

Source: CVE-2021-32954

CVE-2021-23845

Posted on 2021년 6월 18일2021년 6월 19일 by admin

CVE-2021-23845

This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019.

Source: CVE-2021-23845

CVE-2018-14639

Posted on 2021년 6월 18일2021년 6월 19일 by admin

CVE-2018-14639

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Source: CVE-2018-14639

CVE-2021-23846

Posted on 2021년 6월 18일2021년 6월 19일 by admin

CVE-2021-23846

When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021.

Source: CVE-2021-23846

CVE-2007-3733

Posted on 2021년 6월 18일2021년 6월 18일 by admin

CVE-2007-3733

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Source: CVE-2007-3733

CVE-2005-0394

Posted on 2021년 6월 18일2021년 6월 18일 by admin

CVE-2005-0394

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Source: CVE-2005-0394

CVE-2021-21997

Posted on 2021년 6월 18일2021년 6월 18일 by admin

CVE-2021-21997

VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system.

Source: CVE-2021-21997