Search

Search Results (364725 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-24014 1 Fortinet 1 Fortisandbox 2024-11-21 5.4 Medium
Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters.
CVE-2021-24013 1 Fortinet 1 Fortimail 2024-11-21 8.8 High
Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests.
CVE-2021-24012 1 Fortinet 1 Fortios 2024-11-21 6.5 Medium
An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.
CVE-2021-24011 1 Fortinet 1 Fortinac 2024-11-21 6.3 Medium
A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges.
CVE-2021-24010 1 Fortinet 1 Fortisandbox 2024-11-21 8.1 High
Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests.
CVE-2021-24009 1 Fortinet 1 Fortiwan 2024-11-21 7.2 High
Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests.
CVE-2021-24007 1 Fortinet 1 Fortimail 2024-11-21 9.8 Critical
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
CVE-2021-24006 1 Fortinet 1 Fortimanager 2024-11-21 6.3 Medium
An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL.
CVE-2021-24005 1 Fortinet 1 Fortiauthenticator 2024-11-21 4 Medium
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key.
CVE-2021-24002 2 Mozilla, Redhat 5 Firefox, Firefox Esr, Thunderbird and 2 more 2024-11-21 8.8 High
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
CVE-2021-24001 1 Mozilla 1 Firefox 2024-11-21 4.3 Medium
A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88.
CVE-2021-24000 1 Mozilla 1 Firefox 2024-11-21 3.1 Low
A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as &lt;input type="file"&gt;) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88.
CVE-2021-23999 2 Mozilla, Redhat 5 Firefox, Firefox Esr, Thunderbird and 2 more 2024-11-21 8.8 High
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
CVE-2021-23998 2 Mozilla, Redhat 5 Firefox, Firefox Esr, Thunderbird and 2 more 2024-11-21 6.5 Medium
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
CVE-2021-23997 1 Mozilla 1 Firefox 2024-11-21 8.8 High
Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88.
CVE-2021-23996 1 Mozilla 1 Firefox 2024-11-21 6.5 Medium
By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox < 88.
CVE-2021-23995 2 Mozilla, Redhat 5 Firefox, Firefox Esr, Thunderbird and 2 more 2024-11-21 8.8 High
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
CVE-2021-23994 2 Mozilla, Redhat 5 Firefox, Firefox Esr, Thunderbird and 2 more 2024-11-21 8.8 High
A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
CVE-2021-23993 2 Mozilla, Redhat 3 Thunderbird, Enterprise Linux, Rhel Eus 2024-11-21 6.5 Medium
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1.
CVE-2021-23992 2 Mozilla, Redhat 3 Thunderbird, Enterprise Linux, Rhel Eus 2024-11-21 4.3 Medium
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbird user may falsely conclude that the false user ID belongs to the correspondent. This vulnerability affects Thunderbird < 78.9.1.