Security Vulnerabilities - CVEs Published In April 2021
An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2021-04-02
An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2021-04-02
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2021-04-02
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.
CVSS Score: 6.2 | EPSS Score: 0.0 | Published: 2021-04-02
An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2021-04-01
An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-04-01
An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users.
CVSS Score: 8.1 | EPSS Score: 0.002 | Published: 2021-04-01
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-04-01
An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2021-04-01
django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters to sensitive data, with the result that sensitive data could be included in error reports rather than removed automatically by Django. Triggering this requires that: the site is using django-registration < 3.1.2; the site has detailed error reports (such as Django's emailed error reports to site staff/developers) enabled; and a server-side error (HTTP 5xx) occurs during an attempt by a user to register an account. Under these conditions, recipients of the detailed error report will see all submitted data from the account-registration attempt, which may include the user's proposed credentials (such as a password).
CVSS Score: 3.7 | EPSS Score: 0.002 | Published: 2021-04-01

