Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-27576
PUBLISHED: 2021-03-15

It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0.

CVE-2021-28378
PUBLISHED: 2021-03-15

Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.

CVE-2021-28379
PUBLISHED: 2021-03-15

web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.

CVE-2021-28375
PUBLISHED: 2021-03-15

An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.

CVE-2021-28374
PUBLISHED: 2021-03-15

The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user’s exi…