Security Vulnerabilities Published In April 2021
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.
Max Base Score | 6.1 |
Published | 2021-04-30 |
Updated | 2021-05-07 |
EPSS | 0.06% |
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.
Max Base Score | 6.1 |
Published | 2021-04-30 |
Updated | 2021-05-07 |
EPSS | 0.06% |
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.
Max Base Score | 7.2 |
Published | 2021-04-30 |
Updated | 2022-06-28 |
EPSS | 2.37% |
AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTP(S) request directly to the applicable API endpoint (despite not having permission to make changes to the system's network configuration).
Max Base Score | 6.5 |
Published | 2021-04-30 |
Updated | 2021-07-28 |
EPSS | 0.10% |
An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct.
Max Base Score | 7.5 |
Published | 2021-04-30 |
Updated | 2022-07-12 |
EPSS | 0.15% |
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
Max Base Score | 6.1 |
Published | 2021-04-29 |
Updated | 2022-05-13 |
EPSS | 0.08% |
** DISPUTED ** In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because "there isn’t very much of an opportunity to exploit this reliably for an information leak, so there isn’t any real security impact."
Max Base Score | 9.8 |
Published | 2021-04-29 |
Updated | 2023-03-01 |
EPSS | 0.48% |
An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow.
Max Base Score | 9.8 |
Published | 2021-04-30 |
Updated | 2022-04-19 |
EPSS | 0.21% |
An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact.
Max Base Score | 9.8 |
Published | 2021-04-30 |
Updated | 2022-04-19 |
EPSS | 0.21% |
An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.
Max Base Score | 7.5 |
Published | 2021-04-30 |
Updated | 2022-04-19 |
EPSS | 0.16% |
An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow.
Max Base Score | 9.8 |
Published | 2021-04-30 |
Updated | 2022-04-19 |
EPSS | 0.21% |
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.
Max Base Score | 5.3 |
Published | 2021-04-28 |
Updated | 2021-06-01 |
EPSS | 0.10% |
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.
Max Base Score | 5.3 |
Published | 2021-04-28 |
Updated | 2022-07-12 |
EPSS | 0.10% |
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.
Max Base Score | 5.3 |
Published | 2021-04-28 |
Updated | 2022-07-12 |
EPSS | 0.11% |
Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.
Max Base Score | 7.5 |
Published | 2021-04-28 |
Updated | 2021-06-01 |
EPSS | 0.17% |
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).
Max Base Score | 9.8 |
Published | 2021-04-28 |
Updated | 2021-05-06 |
EPSS | 5.38% |
Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied.
Max Base Score | 7.5 |
Published | 2021-04-27 |
Updated | 2021-05-07 |
EPSS | 0.15% |
GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to the Android system log, and many Android devices have applications (preinstalled by the hardware manufacturer or network operator) that read system log data and send it to third parties. NOTE: a news outlet (The Markup) states that they received a vendor response indicating that fix deployment "began several weeks ago and will be complete in the coming days."
Max Base Score | 3.3 |
Published | 2021-04-28 |
Updated | 2021-05-07 |
EPSS | 0.04% |
LeoCAD before 21.03 sometimes allows a use-after-free during the opening of a new document.
Max Base Score | 5.5 |
Published | 2021-04-26 |
Updated | 2021-05-14 |
EPSS | 0.05% |
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).
Max Base Score | 6.1 |
Published | 2021-04-26 |
Updated | 2021-05-06 |
EPSS | 0.07% |
NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header.
Max Base Score | 8.8 |
Published | 2021-04-26 |
Updated | 2021-05-06 |
EPSS | 0.50% |
The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR.
Max Base Score | 7.0 |
Published | 2021-04-24 |
Updated | 2021-05-06 |
EPSS | 0.05% |
Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header.
Max Base Score | 6.1 |
Published | 2021-04-24 |
Updated | 2021-05-01 |
EPSS | 0.08% |
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field.
Max Base Score | 5.4 |
Published | 2021-04-30 |
Updated | 2021-05-03 |
EPSS | 0.06% |
In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command.
Max Base Score | 7.5 |
Published | 2021-04-23 |
Updated | 2021-05-07 |
EPSS | 0.15% |