CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25656 – Avaya Aura Experience Portal XSS vulnerabilities
https://notcve.org/view.php?id=CVE-2021-25656
Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). Se han detectado vulnerabilidades de inyección XSS almacenadas en la administración web de Avaya Aura Experience Portal que podrían permitir a un usuario autenticado revelar potencialmente información confidencial. Las versiones afectadas incluyen la versiones 7.0 hasta 7.2.3 (sin hotfix) y versión 8.0.0 (sin hotfix) • https://downloads.avaya.com/css/P8/documents/101076234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25655 – URL redirection to untrusted site possible in Avaya Aura Experience Portal
https://notcve.org/view.php?id=CVE-2021-25655
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). Una vulnerabilidad en el componente Service Menu del sistema de Avaya Aura Experience Portal puede permitir el redireccionamiento de la URL a cualquier sitio no confiable mediante un ataque diseñado. Las versiones afectadas incluyen de las versiones 7.0 hasta 7.2.3 (sin hotfix) y versión 8.0.0 (sin hotfix) • https://downloads.avaya.com/css/P8/documents/101076234 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 2%CPEs: 104EXPL: 0CVE-2016-5285 – nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash
https://notcve.org/view.php?id=CVE-2016-5285
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. Existe una vulnerabilidad de desreferencia de puntero nulo en Mozilla Network Security Services debido a una falta de verificación NULL en PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, lo que podría permitir que un usuario malintencionado remoto cause una Denegación de servicio. A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html http://rhn.redhat.com/errata/RHSA-2016-2779.html http://www.securityfocus.com/bid/94349 http://www.ubuntu.com/usn/USN-3163-1 https://bto.bluecoat.com/security-advisory/sa137 https://bugzilla.mozilla.org/show_bug.cgi?id=1306103 https://security.gentoo.org/glsa&#x • CWE-476: NULL Pointer Dereference •