» 2022 » 1월

CVE-2021-42749

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-42749

In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set.

Source: CVE-2021-42749

CVE-2021-42748

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-42748

In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API.

Source: CVE-2021-42748

CVE-2021-42392

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-42392

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.

Source: CVE-2021-42392

CVE-2021-40041

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-40041

There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n product when processing network settings. Due to insufficient validation of user input, a local authenticated attacker could exploit this vulnerability by injecting special characters. Successful exploit could cause certain information disclosure. Affected product versions include: WS318n-21 10.0.2.2, 10.0.2.5 and 10.0.2.6.

Source: CVE-2021-40041

CVE-2021-40032

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-40032

The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality.

Source: CVE-2021-40032

CVE-2021-40038

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-40038

There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

Source: CVE-2021-40038

CVE-2021-40037

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-40037

There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.

Source: CVE-2021-40037

CVE-2021-40039

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-40039

There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

Source: CVE-2021-40039

CVE-2021-40035

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-40035

There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.

Source: CVE-2021-40035

CVE-2021-40005

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-40005

The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality.

Source: CVE-2021-40005