CVE-2021-3646
published 2021-09-10
CVE-2021-3646: btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Priority: P423, medium, 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.75% (50.2th percentile)
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| btcpayserver | btcpay_server | < 1.2.3 | 1.2.3 |
| btcpayserver | btcpayserver_btcpayserver | >= unspecified < 1.2.3 | 1.2.3 |
CVSS provenance
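| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 4.9 | MEDIUM | CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | | 5.5 | MEDIUM | |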
GHSA
GHSA-p4ww-48c6-98q5: btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ghsa_unreviewed·2022-05-24
CVE-2021-3646 [MEDIUM] CWE-79 GHSA-p4ww-48c6-98q5: btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Red Hat
kernel: drm/amdkfd: fix svm_migrate_fini warning
vendor_redhat·2024-05-21·CVSS 5.5
CVE-2021-47410 [MEDIUM] CWE-399 kernel: drm/amdkfd: fix svm_migrate_fini warning
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: fix svm_migrate_fini warning
Device manager releases device-specific resources when a driver
disconnects from a device, devm_memunmap_pages and
devm_release_mem_region calls in svm_migrate_fini are redundant.
It causes below warning trace after patch "drm/amdgpu: Split
amdgpu_device_fini into early and late", so remove function
svm_migrate_fini.
BUG: https://gitlab.freedesktop.org/drm/amd/-/issues/1718
WARNING: CPU: 1 PID: 3646 at drivers/base/devres.c:795
devm_release_action+0x51/0x60
Call Trace:
? memunmap_pages+0x360/0x360
svm_migrate_fini+0x2d/0x60 [amdgpu]
kgd2kfd_device_exit+0x23/0xa0 [amdgpu]
amdgpu_amdkfd_device_fini_sw+0x1d/0x30 [amdgpu]
amdgpu_device_f
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e
https://huntr.dev/bounties/32e30ecf-31fa-45f6-8552-47250ef0e613
Published: 2021-09-10