Security Vulnerabilities - CVEs Published In April 2021
Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow unconditionally disabling of SSL/TLS certificates.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-04-08
Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-04-08
Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-04-08
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15.
CVSS Score
5.5
EPSS Score
0.002
Published
2021-04-08
The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26.
CVSS Score
5.5
EPSS Score
0.002
Published
2021-04-08
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-04-08
The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-04-08
There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Affected product include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-04-08
An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.14. A crafted HTTP request can lead to an out-of-bounds read that crashes the application.
CVSS Score
7.5
EPSS Score
0.039
Published
2021-04-08
On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-04-08