Security Vulnerabilities - CVEs Published In April 2021
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.
CVSS Score
5.3
EPSS Score
0.006
Published
2021-04-06
Composr 10.0.36 allows upload and execution of PHP files.
CVSS Score
9.8
EPSS Score
0.155
Published
2021-04-06
Composr 10.0.36 allows XSS in an XML script.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-04-06
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
CVSS Score
6.1
EPSS Score
0.24
Published
2021-04-06
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.
CVSS Score
7.2
EPSS Score
0.017
Published
2021-04-06
The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVSS Score
4.9
EPSS Score
0.005
Published
2021-04-06
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVSS Score
4.9
EPSS Score
0.005
Published
2021-04-06
The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVSS Score
4.9
EPSS Score
0.005
Published
2021-04-06
The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVSS Score
4.9
EPSS Score
0.005
Published
2021-04-06
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVSS Score
4.9
EPSS Score
0.005
Published
2021-04-06