CVE-2021-34824
Istio before 1.9.6 and 1.10.x before 1.10.2 has Incorrect Access Control.
Source: CVE-2021-34824
[월:] 2021년 06월
CVE-2020-7870
CVE-2020-7870
A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter.
Source: CVE-2020-7870
CVE-2020-7869
CVE-2020-7869
An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using "Tight file CMD" without authority.
Source: CVE-2020-7869
CVE-2020-7868
CVE-2020-7868
A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login.
Source: CVE-2020-7868
CVE-2021-31531
CVE-2021-31531
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).
Source: CVE-2021-31531
CVE-2021-31530
CVE-2021-31530
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.
Source: CVE-2021-31530
CVE-2020-7871
CVE-2020-7871
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty Helpcom 10.0 versions prior to.
Source: CVE-2020-7871
CVE-2021-27577
CVE-2021-27577
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Source: CVE-2021-27577
CVE-2021-23400
CVE-2021-23400
The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.
Source: CVE-2021-23400
CVE-2021-28690
CVE-2021-28690
x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn’t restored after S3 suspend.
Source: CVE-2021-28690