CVE-2020-21125
An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.
Source: CVE-2020-21125
CVE-2020-21124
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.
Source: CVE-2020-21124
CVE-2020-21122
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.
Source: CVE-2020-21122
CVE-2020-21121
Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file.
Source: CVE-2020-21121
CVE-2021-39209
GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading.
Source: CVE-2021-39209
CVE-2021-27044
An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure.
Source: CVE-2021-27044
CVE-2021-40157
A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system.
Source: CVE-2021-40157
CVE-2020-19148
Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the ‘Nickname’ parameter in the component ‘/jfinal_cms/front/person/profile.html’.
Source: CVE-2020-19148
CVE-2020-19150
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the ‘FileManager.delete()’ function in the component ‘modules/filemanager/FileManagerController.java’.
Source: CVE-2020-19150
CVE-2020-19151
Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component ‘jfinal_cms/admin/filemanager/list’.
Source: CVE-2020-19151