» 2021 » 9월

CVE-2021-29831

Posted on 2021년 9월 22일2021년 9월 22일 by admin

CVE-2021-29831

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 204775.

Source: CVE-2021-29831

CVE-2021-29795

Posted on 2021년 9월 22일2021년 9월 22일 by admin

CVE-2021-29795

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557.

Source: CVE-2021-29795

CVE-2021-41525

Posted on 2021년 9월 22일2021년 9월 22일 by admin

CVE-2021-41525

An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior.

Source: CVE-2021-41525

CVE-2021-41531

Posted on 2021년 9월 21일2021년 9월 22일 by admin

CVE-2021-41531

NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation.

Source: CVE-2021-41531

CVE-2021-0869

Posted on 2021년 9월 21일2021년 9월 21일 by admin

CVE-2021-0869

In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-179620905 References: N/A

Source: CVE-2021-0869