Insider Data Leaks: A Growing Enterprise Threat

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-30502
PUBLISHED: 2021-04-25

The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand.

CVE-2021-31712
PUBLISHED: 2021-04-24

react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URI in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS.

CVE-2021-31794
PUBLISHED: 2021-04-24

Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header.

CVE-2021-31795
PUBLISHED: 2021-04-24

The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR.

CVE-2021-31598
PUBLISHED: 2021-04-24

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.