Vulnerabilities in LibreCAD, Ruby, TensorFlow, Mailman and Vim

Several vulnerabilities have been identified recently:

  • Three vulnerabilities in the free computer-aided design system LibreCAD and the libdxfrw library that make it possible to trigger a controlled buffer overflow and potentially achieve code execution when opening specially crafted DWG and DXF files. So far the issues have been fixed only in the form of patches (CVE-2021-21898, CVE-2021-21899, CVE-2021-21900).
  • A vulnerability (CVE-2021-41817) in the Date.parse method provided in the Ruby standard library. Flaws in the regular expressions that Date.parse uses to parse dates can be used to carry out DoS attacks, leading to significant consumption of CPU resources and memory when processing specially crafted data.
  • A vulnerability in the TensorFlow machine learning platform (CVE-2021-41228) that allows code execution when the saved_model_cli utility processes attacker-supplied data passed through the "--input_examples" parameter. The problem is caused by the use of external data when calling code with the "eval" function. The issue is fixed in the TensorFlow 2.7.0, TensorFlow 2.6.1, TensorFlow 2.5.2 and TensorFlow 2.4.4 releases.
  • A vulnerability (CVE-2021-43331) in the GNU Mailman mailing list management system caused by incorrect handling of certain types of URLs. The problem makes it possible to arrange execution of JavaScript code by specifying a specially crafted URL on the settings page. Another issue was also identified in Mailman (CVE-2021-43332), which allows a user with moderator rights to guess the administrator password. The issues are resolved in the Mailman 2.1.36 release.
  • A series of vulnerabilities in the Vim text editor that can lead to a buffer overflow and potentially to execution of attacker code when opening specially crafted files via the "-S" option (CVE-2021-3903, CVE-2021-3872, CVE-2021-3927, CVE-2021-3928).
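
The TensorFlow item above comes down to passing a command-line string to "eval". The following is an added example, not TensorFlow's own code or its fix: one way to parse such an argument with ast.literal_eval and a shape check instead. The "key=[{...}]" input format, the function names and the sample strings are assumptions made for illustration.

```python
import ast

# Constructed sample inputs in the assumed "key=[{...}]" form.
SAFE_ARG = 'examples=[{"age": [22, 24], "education": ["BS", "MS"]}]'
CALL_ARG = 'examples=[{"age": [len("abc")]}]'  # contains a function call


def parse_input_examples(arg):
    """Parse 'key=[{...}];key2=[{...}]' into {key: [dict, ...]} without eval().

    ast.literal_eval only builds literals (numbers, strings, lists, dicts);
    names, calls and attribute access raise instead of executing.
    Splitting on ';' means a ';' inside a string value is rejected, not run.
    """
    parsed = {}
    for pair in (p.strip() for p in arg.split(";")):
        if not pair:
            continue
        key, sep, expr = pair.partition("=")
        key = key.strip()
        if not sep or not key:
            raise ValueError("expected key=<list of dicts>: %r" % pair)
        try:
            value = ast.literal_eval(expr.strip())
        except (ValueError, SyntaxError, MemoryError, RecursionError) as exc:
            raise ValueError("%s: value is not a plain literal" % key) from exc
        # Literal does not mean well-formed: enforce the expected shape too.
        if not isinstance(value, list) or not all(isinstance(e, dict) for e in value):
            raise ValueError("%s: expected a list of dicts" % key)
        for example in value:
            for name, feature in example.items():
                if not isinstance(name, str) or not isinstance(feature, list):
                    raise ValueError("%s: feature must map str -> list" % key)
        parsed[key] = value
    return parsed


def is_rejected(arg):
    """True when parse_input_examples refuses the argument."""
    try:
        parse_input_examples(arg)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(parse_input_examples(SAFE_ARG))
    print("call expression rejected:", is_rejected(CALL_ARG))
```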

source: budenet.ru
