» 2021 » 7월

CVE-2020-20252

Posted on 2021년 7월 14일2021년 7월 14일 by admin

CVE-2020-20252

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Source: CVE-2020-20252

CVE-2021-31217

Posted on 2021년 7월 14일2021년 7월 14일 by admin

CVE-2021-31217

In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.

Source: CVE-2021-31217

CVE-2021-36214

Posted on 2021년 7월 14일2021년 7월 14일 by admin

CVE-2021-36214

LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView.

Source: CVE-2021-36214

CVE-2021-34552

Posted on 2021년 7월 14일2021년 7월 14일 by admin

CVE-2021-34552

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.

Source: CVE-2021-34552

CVE-2021-20369

Posted on 2021년 7월 14일2021년 7월 14일 by admin

CVE-2021-20369

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361.

Source: CVE-2021-20369

CVE-2021-20423

Posted on 2021년 7월 14일2021년 7월 14일 by admin

CVE-2021-20423

IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions. IBM X-Force ID: 196308.

Source: CVE-2021-20423

CVE-2021-20364

Posted on 2021년 7월 14일2021년 7월 14일 by admin

CVE-2021-20364

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195035.

Source: CVE-2021-20364