Thycotic & Centrify Merge to Form Cloud Identity Security Firm

This article was originally published on another site.

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-28048
PUBLISHED: 2021-04-14

An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2021-28157
PUBLISHED: 2021-04-14

An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete.

CVE-2021-26030
PUBLISHED: 2021-04-14

An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on the error page.

CVE-2021-26031
PUBLISHED: 2021-04-14

An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.

CVE-2021-27710
PUBLISHED: 2021-04-14

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc’s system funct…
