» 2021 » 8월

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.

Source: CVE-2021-38604

CVE-2021-38599

Posted on 2021년 8월 13일2021년 8월 13일 by admin

CVE-2021-38599

WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to encrypt all file activity."

Source: CVE-2021-38599

CVE-2021-20509

Posted on 2021년 8월 13일2021년 8월 13일 by admin

CVE-2021-20509

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243.

Source: CVE-2021-20509

CVE-2021-38597

Posted on 2021년 8월 13일2021년 8월 13일 by admin

CVE-2021-38597

wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.

Source: CVE-2021-38597

CVE-2021-27790

Posted on 2021년 8월 13일2021년 8월 13일 by admin

CVE-2021-27790

The command â€œipfilterâ€� in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.

Source: CVE-2021-27790

CVE-2021-27792

Posted on 2021년 8월 13일2021년 8월 13일 by admin

CVE-2021-27792

Source: CVE-2021-27792