» 2021 » 8월

CVE-2021-38590

Posted on 2021년 8월 12일2021년 8월 12일 by admin

CVE-2021-38590

In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).

Source: CVE-2021-38590

CVE-2021-38584

Posted on 2021년 8월 12일2021년 8월 12일 by admin

CVE-2021-38584

The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).

Source: CVE-2021-38584

CVE-2021-38589

Posted on 2021년 8월 12일2021년 8월 12일 by admin

CVE-2021-38589

In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588).

Source: CVE-2021-38589

CVE-2021-38588

Posted on 2021년 8월 12일2021년 8월 12일 by admin

CVE-2021-38588

In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).

Source: CVE-2021-38588

CVE-2021-38587

Posted on 2021년 8월 12일2021년 8월 12일 by admin

CVE-2021-38587

In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).

Source: CVE-2021-38587

CVE-2021-38585

Posted on 2021년 8월 12일2021년 8월 12일 by admin

CVE-2021-38585

The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).

Source: CVE-2021-38585

CVE-2021-37697

Posted on 2021년 8월 12일2021년 8월 12일 by admin

CVE-2021-37697

tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific membership event message. Issue is patched in commit d63c49b4cfc30c795336e4fff08cba3795e0fcc0. As a workaround users may unload the Welcome cog.

Source: CVE-2021-37697

CVE-2021-38586

Posted on 2021년 8월 12일2021년 8월 12일 by admin

CVE-2021-38586

In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589).

Source: CVE-2021-38586

CVE-2021-37696

Posted on 2021년 8월 12일2021년 8월 12일 by admin

CVE-2021-37696

tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific MassDM message. Issue is patched in commit 92325be650a6c17940cc52611797533ed95dbbe1. All users are advised to update to the current commit. As a workaround users may unload the MassDM cog or globally disable the `[p]massdm` command.

Source: CVE-2021-37696

CVE-2021-36770

Posted on 2021년 8월 12일2021년 8월 12일 by admin

CVE-2021-36770

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.

Source: CVE-2021-36770