From DHS/US-CERT’s National Vulnerability Database CVE-2021-29271
PUBLISHED: 2021-03-27
remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator{URL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go.
CVE-2021-29272
PUBLISHED: 2021-03-27
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.
CVE-2021-29249
PUBLISHED: 2021-03-26
BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability.
CVE-2021-29264
PUBLISHED: 2021-03-26
An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are us…
CVE-2021-29265
PUBLISHED: 2021-03-26
An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.