Security Vulnerabilities - CVEs Published In February 2021
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVSS Score: 8.8 | EPSS Score: 0.008 | Published: 2021-02-26
Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2021-02-26
Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior).
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2021-02-26
LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text'].
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2021-02-26
LMA ISIDA Retriever 5.2 allows SQL Injection.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2021-02-26
There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2021-02-26
best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor.
CVSS Score: 9.1 | EPSS Score: 0.004 | Published: 2021-02-26
ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2021-02-26
A component of the Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to an insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed the UEFI Secure Boot security feature to be bypassed. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component.
CVSS Score: 6.8 | EPSS Score: 0.0 | Published: 2021-02-26
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2021-02-26


Shodan ® - All rights reserved