CVSS: 5.9EPSS: 96%CPEs: 213EXPL: 7CVE-2021-45105 – Apache Log4j2 does not always protect from infinite recursion in lookup evaluation
https://notcve.org/view.php?id=CVE-2021-45105
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. Apache Log4j2 versiones 2.0-alpha1 hasta 2.16.0 (excluyendo las versiones 2.12.3 y 2.3.1) no protegían de la recursión no controlada de las búsquedas autorreferenciales. Esto permite a un atacante con control sobre los datos de Thread Context Map causar una denegación de servicio cuando es interpretada una cadena diseñada. • https://github.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832 https://github.com/tejas-nagchandi/CVE-2021-45105 https://github.com/pravin-pp/log4j2-CVE-2021-45105 https://github.com/dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105-1 https://github.com/dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105 https://github.com/dileepdkumar/https-github.com-dileepdkumar-https-github.com-pravin-pp-log4j2-CVE-2021-45105-v htt • CWE-20: Improper Input Validation CWE-674: Uncontrolled Recursion •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4038 – NSM vulnerable to XSS
https://notcve.org/view.php?id=CVE-2021-4038
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en McAfee Network Security Manager (NSM) versiones anteriores a 10.1 Minor 7, permite a un administrador remoto autenticado insertar una vulnerabilidad de tipo XSS en la interfaz del administrador por medio de reglas personalizadas especialmente diseñadas que contienen HTML. NSM no saneaba correctamente el contenido de las reglas personalizadas en todos los casos • https://kc.mcafee.com/corporate/index?page=content&id=SB10375 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20026
https://notcve.org/view.php?id=CVE-2021-20026
A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions. Una vulnerabilidad en el producto SonicWall NSM On-Prem, permite a un atacante autenticado llevar a cabo una inyección de comandos del Sistema Operativo usando una petición HTTP diseñada. Esta vulnerabilidad afecta a NSM On-Prem versiones 2.2.0-R10 y anteriores • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0014 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7256 – Network Security Management (NSM) - Cross site scripting vulnerability
https://notcve.org/view.php?id=CVE-2020-7256
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. Una vulnerabilidad de tipo Cross site scripting en McAfee Network Security Management (NSM) versiones anteriores a 9.1 actualización del 6 de marzo de 2020. La actualización permite a atacantes un impacto no especificado por medio de vectores no especificados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10310 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7258 – Network Security Management (NSM) - Cross site scripting vulnerability
https://notcve.org/view.php?id=CVE-2020-7258
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. Una vulnerabilidad de tipo Cross site scripting en McAfee Network Security Management (NSM) versiones anteriores 9.1 actualización del 6 de marzo de 2020. La actualización permite a atacantes un impacto no especificado por medio de vectores no especificados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10310 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •