Zowopsa zingapo zomwe zadziwika posachedwa:
- Ziwopsezo zitatu mudongosolo laulere lothandizira pakompyuta la LibreCAD ndi laibulale ya libdxfrw yomwe imakupatsani mwayi woyambitsa kusefukira kwa buffer ndikutha kukwaniritsa ma code mukatsegula mafayilo opangidwa mwapadera a DWG ndi DXF. Mavuto adakonzedwa mpaka pano pokhapokha ngati zigamba (CVE-2021-21898, CVE-2021-21899, CVE-2021-21900).
- Chiwopsezo (CVE-2021-41817) mu njira ya Date.parse yoperekedwa mu laibulale yokhazikika ya Ruby. Zolakwika m'mawu anthawi zonse omwe amagwiritsidwa ntchito posanthula madeti mu njira ya Date.parse zitha kugwiritsidwa ntchito kuukira kwa DoS, zomwe zimapangitsa kuti pakhale kugwiritsidwa ntchito kwazinthu zazikulu za CPU ndi kukumbukira kukumbukira pokonza deta yopangidwa mwapadera.
- Chiwopsezo papulatifomu yophunzirira makina a TensorFlow (CVE-2021-41228), yomwe imalola kuti code igwiritsidwe ntchito populumutsa_model_cli zida zowononga zomwe zidadutsa pagawo la "--input_examples". Vutoli limayamba chifukwa chogwiritsa ntchito deta yakunja poyimba kachidindo ndi ntchito ya "eval". Nkhaniyi idakhazikitsidwa muzotulutsa za TensorFlow 2.7.0, TensorFlow 2.6.1, TensorFlow 2.5.2, ndi TensorFlow 2.4.4.
- Kusatetezeka (CVE-2021-43331) mu kasamalidwe ka makalata a GNU Mailman chifukwa cha kusagwira bwino mitundu ina ya ma URL. Vutoli limakupatsani mwayi wokonza ma code a JavaScript pofotokoza ulalo wopangidwa mwapadera patsamba lokhazikitsira. Nkhani ina yadziwikanso mu Mailman (CVE-2021-43332), yomwe imalola wogwiritsa ntchito yemwe ali ndi ufulu woyang'anira kuti aganizire mawu achinsinsi a woyang'anira. Nkhanizi zathetsedwa pakutulutsidwa kwa Mailman 2.1.36.
- Zowonongeka zingapo mu mkonzi wa zolemba za Vim zomwe zingayambitse kusefukira kwa buffer komanso kuphatikizika kwa code yowukira mukatsegula mafayilo opangidwa mwapadera kudzera pa "-S" njira (CVE-2021-3903, CVE-2021-3872, CVE-2021 -3927, CVE -2021-3928, zosintha - 1, 2, 3, 4).
Source: opennet.ru