Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2021-3350
PUBLISHED: 2021-02-01

deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS via the deletereason parameter.

CVE-2021-3349
PUBLISHED: 2021-02-01

** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whethe…

CVE-2021-3348
PUBLISHED: 2021-02-01

nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.

CVE-2020-15834
PUBLISHED: 2021-02-01

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface.

CVE-2020-15835
PUBLISHED: 2021-02-01

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management…