CourseMS (aka Course Registration Management System) 2.1 is affected by cross-site scripting (XSS). When an attacker with access to an Admin account creates a Job Title in the Site area (aka the admin/add_jobs.php name parameter), they can insert an XSS payload. This payload will execute whenever anyone visits the registration page.
Source: MITRE
Max CVSS
4.8
EPSS Score
0.05%
Published
2021-03-31
Updated
2021-04-06
The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.24%
Published
2021-03-31
Updated
2021-06-08
The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.25%
Published
2021-03-31
Updated
2022-07-12
An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-03-30
Updated
2022-05-16
An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-03-30
Updated
2021-04-05
An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-03-30
Updated
2021-04-05
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-03-30
Updated
2022-07-12
An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-03-30
Updated
2021-04-05
GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which leads to leakage of GitHub access tokens.
Source: MITRE
Max CVSS
5.3
EPSS Score
0.07%
Published
2021-03-30
Updated
2021-06-04
The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This (in some situations) allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for CVE-2021-28918.
Source: MITRE
Max CVSS
5.3
EPSS Score
0.11%
Published
2021-03-30
Updated
2021-06-08
gitjacker before 0.1.0 allows remote attackers to execute arbitrary code via a crafted .git directory because of directory traversal.
Source: MITRE
Max CVSS
9.8
EPSS Score
5.19%
Published
2021-03-29
Updated
2021-06-04
An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.20%
Published
2021-03-29
Updated
2022-07-12
ircII before 20210314 allows remote attackers to cause a denial of service (segmentation fault and client crash, disconnecting the victim from an IRC server) via a crafted CTCP UTC message.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.30%
Published
2021-03-30
Updated
2021-09-21
Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.10%
Published
2021-03-31
Updated
2021-04-07
Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. The "checkbox" property into "text" data can be extracted and displayed in the text region or in source code.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.09%
Published
2021-03-30
Updated
2021-04-05
Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.11%
Published
2021-03-29
Updated
2021-03-30
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.07%
Published
2021-03-27
Updated
2021-06-04
remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator{URL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.07%
Published
2021-03-27
Updated
2021-06-04
Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XSS) by leveraging the api/Files/Attachment URI to attack help-desk staff via the chatbot feature.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.10%
Published
2021-03-29
Updated
2021-03-31
An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.04%
Published
2021-03-26
Updated
2023-02-24
An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.
Source: MITRE
Max CVSS
4.7
EPSS Score
0.04%
Published
2021-03-26
Updated
2022-05-27
An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.04%
Published
2021-03-26
Updated
2022-05-27
MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007. An attacker on the same network as the device can capture these credentials.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.12%
Published
2021-03-26
Updated
2021-04-02
BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.17%
Published
2021-03-26
Updated
2021-03-31
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.
Source: MITRE
Max CVSS
7.5
EPSS Score
25.41%
Published
2021-03-25
Updated
2021-03-29
1446 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!