CVE-2020-29629 (macos)
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to read restricted memory. Devamını Oku
Devamını oku
CVE-2020-9897 (ipad_os, iphone_os, macos)
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution. Devamını Oku
CVE-2021-1821 (macos, watchos)
A logic issue was addressed with improved state management. This issue is fixed in watchOS 7.6, macOS Big Sur 11.5. Visiting a maliciously crafted webpage may lead to a system denial of service. Devamını Oku
CVE-2021-22097
In Spring AMQP versions 2.2.0 – 2.2.18 and 2.3.0 – 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.…
CVE-2021-22097 (spring_advanced_message_queuing_protocol)
In Spring AMQP versions 2.2.0 – 2.2.18 and 2.3.0 – 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.…
CVE-2020-7875
DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. Devamını Oku
CVE-2021-22044
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods. Devamını Oku
CVE-2021-22047
In Spring Data REST versions 3.4.0 – 3.4.13, 3.5.0 – 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration. Devamını Oku
CVE-2021-22096
In Spring Framework versions 5.3.0 – 5.3.10, 5.2.0 – 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. Devamını Oku
CVE-2020-7875 (dext5upload)
DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. Devamını Oku
CVE-2021-22044 (spring_cloud_openfeign)
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods. Devamını Oku
CVE-2021-22047 (spring_data_rest)
In Spring Data REST versions 3.4.0 – 3.4.13, 3.5.0 – 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration. Devamını Oku