» 2021 » 6월

CVE-2021-23394

Posted on 2021년 6월 13일2021년 6월 14일 by admin

CVE-2021-23394

The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.

Source: CVE-2021-23394

CVE-2021-34682

Posted on 2021년 6월 13일2021년 6월 13일 by admin

CVE-2021-34682

Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.

Source: CVE-2021-34682

CVE-2021-31812

Posted on 2021년 6월 12일2021년 6월 12일 by admin

CVE-2021-31812

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

Source: CVE-2021-31812

CVE-2021-31811

Posted on 2021년 6월 12일2021년 6월 12일 by admin

CVE-2021-31811

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

Source: CVE-2021-31811

CVE-2021-32553

Posted on 2021년 6월 12일2021년 6월 12일 by admin

CVE-2021-32553

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.

Source: CVE-2021-32553

CVE-2021-32552

Posted on 2021년 6월 12일2021년 6월 12일 by admin

CVE-2021-32552

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.

Source: CVE-2021-32552

CVE-2021-32557

Posted on 2021년 6월 12일2021년 6월 12일 by admin

CVE-2021-32557

It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.

Source: CVE-2021-32557

CVE-2021-32556

Posted on 2021년 6월 12일2021년 6월 12일 by admin

CVE-2021-32556

It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.

Source: CVE-2021-32556

CVE-2021-32554

Posted on 2021년 6월 12일2021년 6월 12일 by admin

CVE-2021-32554

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.

Source: CVE-2021-32554

CVE-2021-32555

Posted on 2021년 6월 12일2021년 6월 12일 by admin

CVE-2021-32555

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.

Source: CVE-2021-32555