CVE-2021-35240 – Stored XSS via Help Server settings
https://notcve.org/view.php?id=CVE-2021-35240
A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'. Un investigador de seguridad almacenó un ataque de tipo XSS por medio de una configuración del Servidor de Ayuda. Esto afecta a clientes usando Internet Explorer, porque no soportan "rel=noopener" • https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm https://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-Stored-XSS-via-Help-Server-setting-CVE-2021-35240?language=en_US https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35240 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-26419 – Scripting Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-26419
Scripting Engine Memory Corruption Vulnerability Una vulnerabilidad de Corrupción de la Memoria del Motor de Scripting There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied. • http://packetstormsecurity.com/files/162570/Internet-Explorer-jscript9.dll-Memory-Corruption.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26419 • CWE-787: Out-of-bounds Write •
CVE-2021-27085 – Microsoft Internet Explorer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27085
Internet Explorer Remote Code Execution Vulnerability Una Vulnerabilidad de Ejecución de Código Remota de Internet Explorer Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27085 •
CVE-2021-26411 – Microsoft Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-26411
Internet Explorer Memory Corruption Vulnerability Una Vulnerabilidad de Corrupción de la Memoria de Internet Explorer Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption. • https://github.com/CrackerCat/CVE-2021-26411 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26411 • CWE-416: Use After Free •
CVE-2020-17058 – Microsoft Browser Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-17058
Microsoft Browser Memory Corruption Vulnerability Vulnerabilidad de corrupción en la memoria del navegador de Microsoft • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17058 • CWE-787: Out-of-bounds Write •