Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2021-29271
PUBLISHED: 2021-03-27

remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator{URL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go.

CVE-2021-29272
PUBLISHED: 2021-03-27

bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.

CVE-2021-29249
PUBLISHED: 2021-03-26

BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability.

CVE-2021-29264
PUBLISHED: 2021-03-26

An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are us…

CVE-2021-29265
PUBLISHED: 2021-03-26

An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.