Search Results (363118 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-23962 1 Mozilla 1 Firefox 2024-11-21 8.8 High
Incorrect use of the '<RowCountChanged>' method could have led to a use-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85.
CVE-2021-23961 3 Debian, Mozilla, Redhat 4 Debian Linux, Firefox, Enterprise Linux and 1 more 2024-11-21 7.4 High
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.
CVE-2021-23960 2 Mozilla, Redhat 5 Firefox, Firefox Esr, Thunderbird and 2 more 2024-11-21 8.8 High
Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
CVE-2021-23959 1 Mozilla 1 Firefox 2024-11-21 6.1 Medium
An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.
CVE-2021-23958 1 Mozilla 1 Firefox 2024-11-21 6.5 Medium
The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.
CVE-2021-23957 1 Mozilla 1 Firefox 2024-11-21 7.4 High
Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.
CVE-2021-23956 1 Mozilla 1 Firefox 2024-11-21 6.5 Medium
An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85.
CVE-2021-23955 1 Mozilla 1 Firefox 2024-11-21 6.1 Medium
The browser could have been confused into transferring a pointer lock state into another tab, which could have led to clickjacking attacks. This vulnerability affects Firefox < 85.
CVE-2021-23954 2 Mozilla, Redhat 5 Firefox, Firefox Esr, Thunderbird and 2 more 2024-11-21 8.8 High
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
CVE-2021-23953 2 Mozilla, Redhat 5 Firefox, Firefox Esr, Thunderbird and 2 more 2024-11-21 4.3 Medium
If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
CVE-2021-23937 1 Apache 1 Wicket 2024-11-21 7.5 High
A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS lookup can be engineered to overload an internal DNS server or to slow down request processing of the Apache Wicket application, causing a possible denial of service on either the internal infrastructure or the web application itself. This issue affects Apache Wicket 9.x version 9.2.0 and prior versions; Apache Wicket 8.x version 8.11.0 and prior versions; Apache Wicket 7.x version 7.17.0 and prior versions and Apache Wicket 6.x version 6.2.0 and later versions.
CVE-2021-23936 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.4 allows XSS via the subject of a task.
CVE-2021-23935 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.
CVE-2021-23934 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.
CVE-2021-23933 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.
CVE-2021-23932 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.
CVE-2021-23931 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.4 allows XSS via an inline binary file.
CVE-2021-23930 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.
CVE-2021-23929 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.
CVE-2021-23928 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.