» 2021 » 9월

CVE-2020-18683

Posted on 2021년 9월 30일2021년 9월 30일 by admin

CVE-2020-18683

Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling.

Source: CVE-2020-18683

CVE-2020-18684

Posted on 2021년 9월 30일2021년 9월 30일 by admin

CVE-2020-18684

Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number.

Source: CVE-2020-18684

CVE-2020-18685

Posted on 2021년 9월 30일2021년 9월 30일 by admin

CVE-2020-18685

Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs.

Source: CVE-2020-18685

CVE-2021-41826

Posted on 2021년 9월 30일2021년 9월 30일 by admin

CVE-2021-41826

PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect.

Source: CVE-2021-41826

CVE-2021-41824

Posted on 2021년 9월 30일2021년 9월 30일 by admin

CVE-2021-41824

Craft CMS before 3.7.14 allows CSV injection.

Source: CVE-2021-41824

CVE-2021-41821

Posted on 2021년 9월 30일2021년 9월 30일 by admin

CVE-2021-41821

Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager.

Source: CVE-2021-41821

CVE-2020-20781

Posted on 2021년 9월 30일2021년 9월 30일 by admin

CVE-2020-20781

A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields.

Source: CVE-2020-20781

CVE-2020-20129

Posted on 2021년 9월 30일2021년 9월 30일 by admin

CVE-2020-20129

LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor.

Source: CVE-2020-20129

CVE-2021-41034

Posted on 2021년 9월 30일2021년 9월 30일 by admin

CVE-2021-41034

The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime but only when building Che.

Source: CVE-2021-41034

CVE-2020-20131

Posted on 2021년 9월 30일2021년 9월 30일 by admin

CVE-2020-20131

LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows atackers to execute arbitrary web scripts or HTML via a crafted payload in the page management module.

Source: CVE-2020-20131