SolarWinds Hackers Accessed DHS Chief’s Email
From DHS/US-CERT’s National Vulnerability Database
CVE-2021-22696
PUBLISHED: 2021-04-02
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifyin…
CVE-2021-30000
PUBLISHED: 2021-04-02
An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution.
CVE-2021-30003
PUBLISHED: 2021-04-02
An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address.
CVE-2021-30004
PUBLISHED: 2021-04-02
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
CVE-2021-30002
PUBLISHED: 2021-04-02
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.