Total
32325 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23961 | 2 Debian, Mozilla | 2 Debian Linux, Firefox | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
| Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85. | |||||
| CVE-2021-23960 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | |||||
| CVE-2021-23957 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
| Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. | |||||
| CVE-2021-23956 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85. | |||||
| CVE-2021-23953 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | |||||
| CVE-2021-23907 | 1 Mercedes-benz | 8 A 220, A 220 4matic, E 350 and 5 more | 2024-11-21 | 7.5 HIGH | 2.9 LOW |
| An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution. | |||||
| CVE-2021-23900 | 1 Owasp | 1 Json-sanitizer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations. | |||||
| CVE-2021-23887 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver. | |||||
| CVE-2021-23876 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware. | |||||
| CVE-2021-23845 | 1 Bosch | 8 B426, B426-cn, B426-cn Firmware and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.0 HIGH |
| This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019. | |||||
| CVE-2021-23639 | 1 Markdown To Pdf Project | 1 Markdown To Pdf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine. | |||||
| CVE-2021-23555 | 1 Vm2 Project | 1 Vm2 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine. | |||||
| CVE-2021-23432 | 1 Mootools Project | 1 Mootools | 2024-11-21 | 7.5 HIGH | 5.4 MEDIUM |
| This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge() | |||||
| CVE-2021-23425 | 1 Trim-off-newlines Project | 1 Trim-off-newlines | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing. | |||||
| CVE-2021-23424 | 1 Ansi-html Project | 1 Ansi-html | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time. | |||||
| CVE-2021-23413 | 1 Jszip Project | 1 Jszip | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance. | |||||
| CVE-2021-23409 | 1 Go-proxyproto Project | 1 Go-proxyproto | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header. | |||||
| CVE-2021-23406 | 1 Pac-resolver Project | 1 Pac-resolver | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer. | |||||
| CVE-2021-23392 | 1 Locutus | 1 Locutus | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The package locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function. | |||||
| CVE-2021-23388 | 1 Forms Project | 1 Forms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation. | |||||