
Vulnerabilities of October 2021

If you find an error, please report it on Twitter. -> Twitter《Har-sia》

Summary of the vulnerabilities that drew attention this month

CVE-2021-30883

Description from NVD

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Information Acquisition Date:2021/11/01
CVSS 2.0: 0.0 None CVSS 3.x: 0.0 None

Highest Score:94 (2021/10/12)

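Vulnerability information: Har-sia CVE-2021-30883


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerability summary is compiled. Please wait until next month. (End of machine translation)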



CVE-2021-30892

Description from NVD

An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to modify protected parts of the file system.

Information Acquisition Date:2021/11/01
CVSS 2.0: 0.0 None CVSS 3.x: 0.0 None

Highest Score:45 (2021/10/29)

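Vulnerability information: Har-sia CVE-2021-30892


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerability summary is compiled. Please wait until next month. (End of machine translation)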



CVE-2021-38647

Description from NVD

Open Management Infrastructure Remote Code Execution Vulnerability

Information Acquisition Date:2021/11/01
CVSS 2.0: 7.5 HIGH CVSS 3.x: 9.8 CRITICAL
This vulnerability may involve a PoC.

Highest Score:60 (2021/09/17)

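Vulnerability information: Har-sia CVE-2021-38647


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerability summary is compiled. Please wait until next month. (End of machine translation)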



CVE-2021-40449

Description from NVD

Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40450, CVE-2021-41357.

Information Acquisition Date:2021/11/01
CVSS 2.0: 4.6 MEDIUM CVSS 3.x: 7.8 HIGH
This vulnerability may involve a PoC.

Highest Score:75 (2021/10/13)

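Vulnerability information: Har-sia CVE-2021-40449


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerability summary is compiled. Please wait until next month. (End of machine translation)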



CVE-2021-41773

Description from NVD

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.

Information Acquisition Date:2021/11/01
CVSS 2.0: 4.3 MEDIUM CVSS 3.x: 7.5 HIGH
This vulnerability may involve a PoC.

Description from Forti

Information Acquisition Date:2020/01/22


Highest Score:492 (2021/10/06)

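Vulnerability information: Har-sia CVE-2021-41773


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerability summary is compiled. Please wait until next month. (End of machine translation)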



CVE-2021-42013

Description from NVD

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

Information Acquisition Date:2021/11/01
CVSS 2.0: 7.5 HIGH CVSS 3.x: 9.8 CRITICAL

Highest Score:128 (2021/10/08)

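Vulnerability information: Har-sia CVE-2021-42013


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerability summary is compiled. Please wait until next month. (End of machine translation)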



Total: 6 items
