Monthly Archive: April 2021

In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions....

In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions. Date published : 2021-04-14 https://github.com/rust-lang/rust/issues/51780...

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after...

An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability...

The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary...

Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS). Date published : 2021-04-14 https://github.com/saitoha/libsixel/issues/143

Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page. Date published : 2021-04-14 https://github.com/monicahq/monica/pull/4451 https://github.com/monicahq/monica/releases/tag/v2.19.1

Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter. Date published : 2021-04-14 https://fatihhcelik.github.io/posts/Group-Office-CRM-Stored-XSS-via-SVG-File/

Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file. Date published : 2021-04-14 https://fatihhcelik.blogspot.com/2020/12/group-office-crm-stored-xss-via-svg-file.html

An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed...

An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor’s file upload allows an attacker to upload dangerous executables that bypass the...

Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. Date published : 2021-04-14 https://github.com/418sec/huntr/tree/staging/bounties/packagist/lavalite/cms/3

Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create...

Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module"...