jell.ie CVEs

Read at: 2021-02-27T19:36:36+00:00

CVE-2021-27132

SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.

Source: National Vulnerability Database | 27 Feb 2021 | 6:15 am GMT

CVE-2021-3148

An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.

Source: National Vulnerability Database | 27 Feb 2021 | 5:15 am GMT

CVE-2021-3151

i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__MONITORING__CONFIG__ADDRESS, or SM2__C__MONITORING__CONFIG__ADDRESS.

Source: National Vulnerability Database | 27 Feb 2021 | 5:15 am GMT

CVE-2021-3144

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run commands against the salt master or minions.)

Source: National Vulnerability Database | 27 Feb 2021 | 5:15 am GMT

CVE-2021-3197

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.

Source: National Vulnerability Database | 27 Feb 2021 | 5:15 am GMT

CVE-2021-25284

An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.

Source: National Vulnerability Database | 27 Feb 2021 | 5:15 am GMT

CVE-2020-35662

In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.

Source: National Vulnerability Database | 27 Feb 2021 | 5:15 am GMT

CVE-2020-28972

In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.

Source: National Vulnerability Database | 27 Feb 2021 | 5:15 am GMT

CVE-2021-25282

An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

Source: National Vulnerability Database | 27 Feb 2021 | 5:15 am GMT

CVE-2021-25281

An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.

Source: National Vulnerability Database | 27 Feb 2021 | 5:15 am GMT

CVE-2021-25283

An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.

Source: National Vulnerability Database | 27 Feb 2021 | 5:15 am GMT

CVE-2019-25022

An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation.

Source: National Vulnerability Database | 27 Feb 2021 | 5:15 am GMT

CVE-2019-25021

An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code.

Source: National Vulnerability Database | 27 Feb 2021 | 5:15 am GMT

CVE-2020-28243

An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory.

Source: National Vulnerability Database | 27 Feb 2021 | 5:15 am GMT

CVE-2019-25023

An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inject wrong IP addresses into these logs.

Source: National Vulnerability Database | 27 Feb 2021 | 5:15 am GMT

CVE-2019-25020

An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI.

Source: National Vulnerability Database | 27 Feb 2021 | 5:15 am GMT

CVE-2021-27803

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.

Source: National Vulnerability Database | 26 Feb 2021 | 11:15 pm GMT

CVE-2021-27198

An issue was discovered in Visualware MyConnection Server through 11.0b build 5382. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system.

Source: National Vulnerability Database | 26 Feb 2021 | 11:15 pm GMT

CVE-2020-36079

Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory.

Source: National Vulnerability Database | 26 Feb 2021 | 11:15 pm GMT

CVE-2020-27618

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.

Source: National Vulnerability Database | 26 Feb 2021 | 11:15 pm GMT

CVE-2021-26564

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.

Source: National Vulnerability Database | 26 Feb 2021 | 10:15 pm GMT

CVE-2021-26562

Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

Source: National Vulnerability Database | 26 Feb 2021 | 10:15 pm GMT

CVE-2021-26565

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.

Source: National Vulnerability Database | 26 Feb 2021 | 10:15 pm GMT

CVE-2021-27799

ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.19.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code.

Source: National Vulnerability Database | 26 Feb 2021 | 10:15 pm GMT

CVE-2021-26563

Improper access control vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows local users to obtain sensitive information via a crafted kernel module.

Source: National Vulnerability Database | 26 Feb 2021 | 10:15 pm GMT

CVE-2021-26567

Use of unmaintained third party components vulnerability in faad in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via a crafted file path.

Source: National Vulnerability Database | 26 Feb 2021 | 10:15 pm GMT

CVE-2021-26566

Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.

Source: National Vulnerability Database | 26 Feb 2021 | 10:15 pm GMT

CVE-2021-26561

Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

Source: National Vulnerability Database | 26 Feb 2021 | 10:15 pm GMT

CVE-2021-21309

Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the “CONFIG SET proto-max-bulk-len” to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways.

Source: National Vulnerability Database | 26 Feb 2021 | 10:15 pm GMT

CVE-2020-27223

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.

Source: National Vulnerability Database | 26 Feb 2021 | 10:15 pm GMT

CVE-2021-26560

Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.

Source: National Vulnerability Database | 26 Feb 2021 | 10:15 pm GMT

CVE-2021-0367

In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379085.

Source: National Vulnerability Database | 26 Feb 2021 | 9:15 pm GMT

CVE-2021-0405

In performance driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05466547.

Source: National Vulnerability Database | 26 Feb 2021 | 9:15 pm GMT

CVE-2021-0366

In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379093.

Source: National Vulnerability Database | 26 Feb 2021 | 9:15 pm GMT

CVE-2021-0401

In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05418265.

Source: National Vulnerability Database | 26 Feb 2021 | 9:15 pm GMT

CVE-2021-0402

In jpeg, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05433311.

Source: National Vulnerability Database | 26 Feb 2021 | 9:15 pm GMT

CVE-2021-0403

In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05475124.

Source: National Vulnerability Database | 26 Feb 2021 | 9:15 pm GMT

CVE-2021-0404

In mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457039.

Source: National Vulnerability Database | 26 Feb 2021 | 9:15 pm GMT

CVE-2021-0406

In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05471418.

Source: National Vulnerability Database | 26 Feb 2021 | 9:15 pm GMT

CVE-2021-21308

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2

Source: National Vulnerability Database | 26 Feb 2021 | 8:15 pm GMT

CVE-2021-21302

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2

Source: National Vulnerability Database | 26 Feb 2021 | 8:15 pm GMT

CVE-2021-21274

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation.

Source: National Vulnerability Database | 26 Feb 2021 | 6:15 pm GMT

CVE-2021-23345

All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src='file:///etc/passwd'>.

Source: National Vulnerability Database | 26 Feb 2021 | 6:15 pm GMT

CVE-2021-21273

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. For the most thorough protection server administrators should remove the deprecated `federation_ip_range_blacklist` from their settings after upgrading to Synapse v1.25.0 which will result in Synapse using the improved default IP address restrictions. See the new `ip_range_blacklist` and `ip_range_whitelist` settings if more specific control is necessary.

Source: National Vulnerability Database | 26 Feb 2021 | 6:15 pm GMT

CVE-2021-21297

Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the 1.2.8 release. A workaround is to ensure only authorized users are able to access the editor url.

Source: National Vulnerability Database | 26 Feb 2021 | 5:15 pm GMT

CVE-2021-21298

Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with `projects.read` permission is able to access any file via the Projects API. The issue has been patched in Node-RED 1.2.8. The vulnerability applies only to the Projects feature which is not enabled by default in Node-RED. The primary workaround is to not give untrusted users read access to the Node-RED editor.

Source: National Vulnerability Database | 26 Feb 2021 | 5:15 pm GMT

CVE-2019-11684

Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM.

Source: National Vulnerability Database | 26 Feb 2021 | 4:15 pm GMT

CVE-2021-23965

Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85.

Source: National Vulnerability Database | 26 Feb 2021 | 4:15 pm GMT

CVE-2020-24686

The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.

Source: National Vulnerability Database | 26 Feb 2021 | 4:15 pm GMT

CVE-2021-23964

Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

Source: National Vulnerability Database | 26 Feb 2021 | 4:15 pm GMT

CVE-2021-23978

Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Source: National Vulnerability Database | 26 Feb 2021 | 4:15 pm GMT

CVE-2021-23979

Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86.

Source: National Vulnerability Database | 26 Feb 2021 | 4:15 pm GMT

CVE-2021-26903

LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text'].

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 pm GMT

CVE-2021-26904

LMA ISIDA Retriever 5.2 allows SQL Injection.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 pm GMT

CVE-2021-3010

There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 pm GMT

CVE-2021-22661

Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior).

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 pm GMT

CVE-2020-28199

best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 pm GMT

CVE-2020-28646

ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 pm GMT

CVE-2020-26200

A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed to bypass the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component.

Source: National Vulnerability Database | 26 Feb 2021 | 2:15 pm GMT

CVE-2019-18945

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.

Source: National Vulnerability Database | 26 Feb 2021 | 4:15 am GMT

CVE-2019-18944

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.

Source: National Vulnerability Database | 26 Feb 2021 | 4:15 am GMT

CVE-2019-18947

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.

Source: National Vulnerability Database | 26 Feb 2021 | 4:15 am GMT

CVE-2019-18946

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.

Source: National Vulnerability Database | 26 Feb 2021 | 4:15 am GMT

CVE-2019-18942

Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.

Source: National Vulnerability Database | 26 Feb 2021 | 4:15 am GMT

CVE-2019-18943

Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.

Source: National Vulnerability Database | 26 Feb 2021 | 4:15 am GMT

CVE-2021-23962

Incorrect use of the '<RowCountChanged>' method could have led to a use-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 am GMT

CVE-2021-23963

When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 am GMT

CVE-2021-23977

Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 am GMT

CVE-2021-23958

The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 am GMT

CVE-2021-23956

An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 am GMT

CVE-2021-23957

Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 am GMT

CVE-2021-23954

Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 am GMT

CVE-2021-23959

An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 am GMT

CVE-2021-23960

Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 am GMT

CVE-2021-23961

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 am GMT

CVE-2021-23955

The browser could have been confused into transferring a pointer lock state into another tab, which could have led to clickjacking attacks. This vulnerability affects Firefox < 85.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 am GMT

CVE-2021-23953

If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 am GMT

CVE-2020-24455

Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 am GMT

CVE-2021-21330

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows: `pip install "aiohttp>=3.7.4"`. If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 am GMT

CVE-2021-21724

A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1.

Source: National Vulnerability Database | 26 Feb 2021 | 3:15 am GMT

CVE-2021-23971

When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86.

Source: National Vulnerability Database | 26 Feb 2021 | 2:15 am GMT

CVE-2021-23970

Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86.

Source: National Vulnerability Database | 26 Feb 2021 | 2:15 am GMT

CVE-2021-23973

When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Source: National Vulnerability Database | 26 Feb 2021 | 2:15 am GMT

CVE-2021-23972

One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86.

Source: National Vulnerability Database | 26 Feb 2021 | 2:15 am GMT

CVE-2021-23976

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. Note: This issue is a different issue from CVE-2020-26954 and only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86.

Source: National Vulnerability Database | 26 Feb 2021 | 2:15 am GMT

CVE-2021-23974

The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86.

Source: National Vulnerability Database | 26 Feb 2021 | 2:15 am GMT

CVE-2021-23975

The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86.

Source: National Vulnerability Database | 26 Feb 2021 | 2:15 am GMT

CVE-2021-23969

As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Source: National Vulnerability Database | 26 Feb 2021 | 2:15 am GMT

CVE-2021-21328

Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. Send unlimited requests against a Vapor instance with different paths. This will create unlimited counters and timers, which will eventually drain the system. 2. Downstream services might suffer from this attack as well by being spammed with error paths. This has been patched in 4.40.1. The `DefaultResponder` will rewrite any undefined route paths to `vapor_route_undefined` to avoid unlimited counters.

Source: National Vulnerability Database | 26 Feb 2021 | 2:15 am GMT

CVE-2021-23968

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Source: National Vulnerability Database | 26 Feb 2021 | 2:15 am GMT

CVE-2021-26701 (.net, .net_core)

.NET Core Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-24112.

Source: National Vulnerability Database | 25 Feb 2021 | 11:15 pm GMT

CVE-2021-24101

Microsoft Dataverse Information Disclosure Vulnerability

Source: National Vulnerability Database | 25 Feb 2021 | 11:15 pm GMT

CVE-2021-24102

Windows Event Tracing Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-24103.

Source: National Vulnerability Database | 25 Feb 2021 | 11:15 pm GMT

CVE-2021-24114

Microsoft Teams iOS Information Disclosure Vulnerability

Source: National Vulnerability Database | 25 Feb 2021 | 11:15 pm GMT

CVE-2021-24103

Windows Event Tracing Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-24102.

Source: National Vulnerability Database | 25 Feb 2021 | 11:15 pm GMT

CVE-2021-24112 (.net, .net_core, mono, visual_studio_2019)

.NET Core Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26701.

Source: National Vulnerability Database | 25 Feb 2021 | 11:15 pm GMT

CVE-2021-24105

Package Managers Configurations Remote Code Execution Vulnerability

Source: National Vulnerability Database | 25 Feb 2021 | 11:15 pm GMT

CVE-2021-26700

Visual Studio Code npm-script Extension Remote Code Execution Vulnerability

Source: National Vulnerability Database | 25 Feb 2021 | 11:15 pm GMT

CVE-2021-24109

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

Source: National Vulnerability Database | 25 Feb 2021 | 11:15 pm GMT

CVE-2021-25195

Windows PKU2U Elevation of Privilege Vulnerability

Source: National Vulnerability Database | 25 Feb 2021 | 11:15 pm GMT

count: 100