» 2022 » 1월

CVE-2020-13060

Posted on 2022년 1월 15일2022년 1월 15일 by admin

CVE-2020-13060

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

Source: CVE-2020-13060

CVE-2020-13043

Posted on 2022년 1월 15일2022년 1월 15일 by admin

CVE-2020-13043

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

Source: CVE-2020-13043

CVE-2020-13030

Posted on 2022년 1월 15일2022년 1월 15일 by admin

CVE-2020-13030

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

Source: CVE-2020-13030

CVE-2021-32650

Posted on 2022년 1월 15일2022년 1월 15일 by admin

CVE-2021-32650

October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates.The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.

Source: CVE-2021-32650

CVE-2021-32649

Posted on 2022년 1월 15일2022년 1월 15일 by admin

CVE-2021-32649

October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.

Source: CVE-2021-32649

CVE-2022-0213

Posted on 2022년 1월 14일2022년 1월 15일 by admin

CVE-2022-0213

vim is vulnerable to Heap-based Buffer Overflow

Source: CVE-2022-0213

CVE-2022-0231

Posted on 2022년 1월 14일2022년 1월 14일 by admin

CVE-2022-0231

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

Source: CVE-2022-0231

CVE-2021-33962

Posted on 2022년 1월 14일2022년 1월 14일 by admin

CVE-2021-33962

China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component.

Source: CVE-2021-33962

CVE-2021-36781

Posted on 2022년 1월 14일2022년 1월 14일 by admin

CVE-2021-36781

A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1.

Source: CVE-2021-36781

CVE-2021-42551

Posted on 2022년 1월 14일2022년 1월 14일 by admin

CVE-2021-42551

Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions.

Source: CVE-2021-42551