Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3287PUBLISHED: 2021-04-22Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
CVE-2021-31547PUBLISHED: 2021-04-22An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.
CVE-2021-31548PUBLISHED: 2021-04-22An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed.
CVE-2021-31549PUBLISHED: 2021-04-22An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The Special:AbuseFilter/examine form allowed for the disclosure of suppressed MediaWiki usernames to unprivileged users.
CVE-2021-31550PUBLISHED: 2021-04-22An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers.
User Rank: Apprentice
1/16/2017 | 11:43:33 AM