Security Vulnerabilities - CVEs Published In March 2021
SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected.
CVSS Score: 7.0
EPSS Score: 0.001
Published: 2021-03-15
An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication.
CVSS Score: 7.5
EPSS Score: 0.005
Published: 2021-03-15
An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2021-03-15
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.
CVSS Score: 8.1
EPSS Score: 0.004
Published: 2021-03-15
When booting a Zynq-7000 SoC device from NAND flash memory, the NAND driver in the ROM does not validate the inputs when reading in any parameters in the NAND's parameter page. If a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access to, and modification of, the board assembly on which the Zynq-7000 SoC device is mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful.
CVSS Score: 6.8
EPSS Score: 0.002
Published: 2021-03-15
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality.
CVSS Score: 9.8
EPSS Score: 0.015
Published: 2021-03-15
It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0.
CVSS Score: 7.5
EPSS Score: 0.059
Published: 2021-03-15
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.
CVSS Score: 3.7
EPSS Score: 0.129
Published: 2021-03-15
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.
CVSS Score: 8.8
EPSS Score: 0.033
Published: 2021-03-15
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2021-03-15
Shodan ® - All rights reserved