» 2021 » 7월

CVE-2021-30118

Posted on 2021년 7월 9일2021년 7월 10일 by admin

CVE-2021-30118

Kaseya VSA before 9.5.5 allows remote code execution.

Source: CVE-2021-30118

CVE-2021-32742

Posted on 2021년 7월 9일2021년 7월 10일 by admin

CVE-2021-32742

Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug in the `Data.init(base32Encoded:)` function opens up the potential for exposing server memory and/or crashing the server (Denial of Service) for applications where untrusted data can end up in said function. Vapor does not currently use this function itself so this only impact applications that use the impacted function directly or through other dependencies. The vulnerability is patched in version 4.47.2. As a workaround, one may use an alternative to Vapor’s built-in `Data.init(base32Encoded:)`.

Source: CVE-2021-32742

CVE-2012-0816

Posted on 2021년 7월 9일2021년 7월 10일 by admin

CVE-2012-0816

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: CVE-2012-0816

CVE-2012-0832

Posted on 2021년 7월 9일2021년 7월 10일 by admin

CVE-2012-0832

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Source: CVE-2012-0832

CVE-2021-23405

Posted on 2021년 7월 9일2021년 7월 10일 by admin

CVE-2021-23405

This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the ClassificationstoreController class.

Source: CVE-2021-23405

CVE-2012-2659

Posted on 2021년 7월 9일2021년 7월 10일 by admin

CVE-2012-2659

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Source: CVE-2012-2659

CVE-2012-1609

Posted on 2021년 7월 9일2021년 7월 10일 by admin

CVE-2012-1609

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Source: CVE-2012-1609

CVE-2021-36155

Posted on 2021년 7월 9일2021년 7월 10일 by admin

CVE-2021-36155

LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service.

Source: CVE-2021-36155

CVE-2021-36154

Posted on 2021년 7월 9일2021년 7월 10일 by admin

CVE-2021-36154

HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption.

Source: CVE-2021-36154

CVE-2021-36153

Posted on 2021년 7월 9일2021년 7월 10일 by admin

CVE-2021-36153

Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote attackers to deny service by sending malformed requests.

Source: CVE-2021-36153