» 2021 » 10월

CVE-2021-36550

Posted on 2021년 10월 29일2021년 10월 29일 by admin

CVE-2021-36550

TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module.

Source: CVE-2021-36550

CVE-2021-30823

Posted on 2021년 10월 29일2021년 10월 29일 by admin

CVE-2021-30823

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS.

Source: CVE-2021-30823

CVE-2021-30840

Posted on 2021년 10월 29일2021년 10월 29일 by admin

CVE-2021-30840

This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

Source: CVE-2021-30840

CVE-2021-30821

Posted on 2021년 10월 29일2021년 10월 29일 by admin

CVE-2021-30821

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.

Source: CVE-2021-30821

CVE-2021-30824

Posted on 2021년 10월 29일2021년 10월 29일 by admin

CVE-2021-30824

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.

Source: CVE-2021-30824

CVE-2021-30831

Posted on 2021년 10월 29일2021년 10월 29일 by admin

CVE-2021-30831

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted font may result in the disclosure of process memory.

Source: CVE-2021-30831

CVE-2021-30834

Posted on 2021년 10월 29일2021년 10월 29일 by admin

CVE-2021-30834

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution.

Source: CVE-2021-30834

CVE-2021-30833

Posted on 2021년 10월 29일2021년 10월 29일 by admin

CVE-2021-30833

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.

Source: CVE-2021-30833

CVE-2021-30836

Posted on 2021년 10월 29일2021년 10월 29일 by admin

CVE-2021-30836

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may disclose restricted memory.

Source: CVE-2021-30836

CVE-2020-25422

Posted on 2021년 10월 29일2021년 10월 29일 by admin

CVE-2020-25422

A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Source: CVE-2020-25422