Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21255 PUBLISHED: 2021-03-02
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4.
CVE-2021-21258 PUBLISHED: 2021-03-02
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed in...
CVE-2021-22294 PUBLISHED: 2021-03-02
A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources.
CVE-2021-22296 PUBLISHED: 2021-03-02
A component of the HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system.
CVE-2021-27885 PUBLISHED: 2021-03-02
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.