» 2021 » 7월

CVE-2021-34261

Posted on 2021년 7월 23일2021년 7월 23일 by admin

CVE-2021-34261

An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature.

Source: CVE-2021-34261

CVE-2021-34260

Posted on 2021년 7월 23일2021년 7월 23일 by admin

CVE-2021-34260

A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.

Source: CVE-2021-34260

CVE-2021-34267

Posted on 2021년 7월 23일2021년 7월 23일 by admin

CVE-2021-34267

An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected endpoint.

Source: CVE-2021-34267

CVE-2020-22283

Posted on 2021년 7월 23일2021년 7월 23일 by admin

CVE-2020-22283

A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet.

Source: CVE-2020-22283

CVE-2020-22284

Posted on 2021년 7월 23일2021년 7월 23일 by admin

CVE-2020-22284

A buffer overflow vulnerability in the zepif_linkoutput() function of Free Software Foundation lwIP git head version and version 2.1.2 allows attackers to access sensitive information via a crafted 6LoWPAN packet.

Source: CVE-2020-22284

CVE-2021-3619

Posted on 2021년 7월 23일2021년 7월 23일 by admin

CVE-2021-3619

Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to Velociraptor is nearly always reserved for trusted and verified users with IT security backgrounds.

Source: CVE-2021-3619

CVE-2021-3198

Posted on 2021년 7월 23일2021년 7월 23일 by admin

CVE-2021-3198

By abusing the ‘install rpm url’ command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.

Source: CVE-2021-3198

CVE-2021-3540

Posted on 2021년 7월 23일2021년 7월 23일 by admin

CVE-2021-3540

By abusing the ‘install rpm info detail’ command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.

Source: CVE-2021-3540

CVE-2021-25210

Posted on 2021년 7월 23일2021년 7월 23일 by admin

CVE-2021-25210

Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to manage_event.php.

Source: CVE-2021-25210

CVE-2021-31580

Posted on 2021년 7월 23일2021년 7월 23일 by admin

CVE-2021-31580

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).

Source: CVE-2021-31580