» 2021 » 7월

CVE-2021-21671

Posted on 2021년 7월 1일2021년 7월 1일 by admin

CVE-2021-21671

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.

Source: CVE-2021-21671

CVE-2021-35971

Posted on 2021년 7월 1일2021년 7월 1일 by admin

CVE-2021-35971

Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting.

Source: CVE-2021-35971

CVE-2021-35973

Posted on 2021년 7월 1일2021년 7월 1일 by admin

CVE-2021-35973

NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permissions on the /etc/ directory).

Source: CVE-2021-35973

CVE-2021-22323

Posted on 2021년 7월 1일2021년 7월 1일 by admin

CVE-2021-22323

There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.

Source: CVE-2021-22323

CVE-2021-22369

Posted on 2021년 7월 1일2021년 7월 1일 by admin

CVE-2021-22369

There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.

Source: CVE-2021-22369

CVE-2021-22371

Posted on 2021년 7월 1일2021년 7월 1일 by admin

CVE-2021-22371

There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.

Source: CVE-2021-22371

CVE-2021-22374

Posted on 2021년 7월 1일2021년 7월 1일 by admin

CVE-2021-22374

There is an Improper Validation of Array Index Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause stability risks.

Source: CVE-2021-22374

CVE-2021-22373

Posted on 2021년 7월 1일2021년 7월 1일 by admin

CVE-2021-22373

There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability.

Source: CVE-2021-22373

CVE-2021-35970

Posted on 2021년 7월 1일2021년 7월 1일 by admin

CVE-2021-35970

Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type.

Source: CVE-2021-35970