Vulnerability-Lookup

WID-SEC-W-2023-0839

Vulnerability from csaf_certbund - Published: 2022-02-03 23:00 - Updated: 2023-04-03 22:00

Summary

Xerox FreeFlow Print Server: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.

Angriff: Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um beliebigen Programmcode auszuführen, einen Cross-Site-Scripting-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Dateien zu manipulieren.

Betroffene Betriebssysteme: - BIOS/Firmware

CVE-2021-38503

In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anfälligkeit für die "PRINTNIGHTMARE"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, einen Cross-Site-Scripting-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Dateien zu manipulieren.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-38504

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-38505

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-38506

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-38507

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-38508

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-38509

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-38510

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-4128

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-4129

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-4140

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-43530

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-43531

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-43532

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-43533

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-43534

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-43536

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-43537

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-43538

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-43539

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-43540

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-43541

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-43542

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-43543

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-43544

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-43545

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2021-43546

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21248

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21277

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21282

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21283

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21291

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21293

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21294

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21296

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21299

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21305

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21340

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21341

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21349

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21360

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21365

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21366

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21833

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21834

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21835

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21836

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21838

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21843

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21848

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21849

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21850

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21851

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21857

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21860

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21862

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21863

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21864

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21866

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21867

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21868

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21870

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21871

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21873

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21874

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21875

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21876

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21878

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21879

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21880

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21881

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21883

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21885

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21889

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21890

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21892

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21893

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21894

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21895

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21897

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21900

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21901

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21902

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21903

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21904

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21905

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21908

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21913

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21914

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21915

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21916

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21919

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21920

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21922

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21924

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21928

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21958

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21959

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21960

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21961

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21962

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-21964

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-22736

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-22737

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-22738

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-22739

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-22740

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-22741

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-22742

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-22743

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-22744

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-22745

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-22746

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-22747

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-22748

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-22749

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-22750

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-22751

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

CVE-2022-22752

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Xerox FreeFlow Print Server v2 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v2`	—
Xerox FreeFlow Print Server 9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:9`	—

References

9 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://security.business.xerox.com/wp-content/up…	external
https://securitydocs.business.xerox.com/wp-conten…	external
https://security.business.xerox.com/wp-content/up…	external
https://security.business.xerox.com/wp-content/up…	external
https://securitydocs.business.xerox.com/wp-conten…	external
https://security.business.xerox.com/wp-content/up…	external
https://securitydocs.business.xerox.com/wp-conten…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "FreeFlow-Druckserver ist eine Druckserveranwendung f\u00fcr Xerox-Produktionsdrucker, die Flexibilit\u00e4t, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0839 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0839.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0839 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0839"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX23-005 vom 2023-04-04",
        "url": "https://security.business.xerox.com/wp-content/uploads/2023/04/Xerox-Security-Bulletin-XRX23-005-Xerox%25C2%25AE-FreeFlow%25C2%25AE-Print-Server-v9.pdf"
      },
      {
        "category": "external",
        "summary": "Xerox Security Bulletin: XR22-001 vom 2022-02-03",
        "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2022/02/Xerox-Security-Bulletin-XRX22-001-XeroxFreeFlowPrintServer-v2Window10.pdf"
      },
      {
        "category": "external",
        "summary": "Xerox Security Bulletin",
        "url": "https://security.business.xerox.com/wp-content/uploads/2022/02/Xerox-Security-Bulletin-XRX22-004-FreeFlowPrint-Server-v9.pdf"
      },
      {
        "category": "external",
        "summary": "Xerox Security Bulletin",
        "url": "https://security.business.xerox.com/wp-content/uploads/2022/02/Xerox-Security-Bulletin-XRX22-007-FreeFlowPrint-Server-v9.pdf"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX22-005 vom 2022-02-14",
        "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2022/02/Xerox-Security-Bulletin-XRX22-005-FreeFlow-Print-Server-v7.pdf"
      },
      {
        "category": "external",
        "summary": "Xerox Security Bulletin",
        "url": "https://security.business.xerox.com/wp-content/uploads/2022/02/Xerox-Security-Bulletin-XRX22-006-FreeFlowPrint-Server-v7.pdf"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX22-004 vom 2022-02-14",
        "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2022/02/Xerox-Security-Bulletin-XRX22-004-FreeFlowPrint-Server-v9.pdf"
      }
    ],
    "source_lang": "en-US",
    "title": "Xerox FreeFlow Print Server: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-04-03T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:47:50.666+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0839",
      "initial_release_date": "2022-02-03T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-02-03T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-02-14T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von XEROX aufgenommen"
        },
        {
          "date": "2023-04-03T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von XEROX aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Xerox FreeFlow Print Server 9",
                "product": {
                  "name": "Xerox FreeFlow Print Server 9",
                  "product_id": "T002977",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Xerox FreeFlow Print Server v2",
                "product": {
                  "name": "Xerox FreeFlow Print Server v2",
                  "product_id": "T014888",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:v2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeFlow Print Server"
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-38503",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-38503"
    },
    {
      "cve": "CVE-2021-38504",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-38504"
    },
    {
      "cve": "CVE-2021-38505",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-38505"
    },
    {
      "cve": "CVE-2021-38506",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-38506"
    },
    {
      "cve": "CVE-2021-38507",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-38507"
    },
    {
      "cve": "CVE-2021-38508",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-38508"
    },
    {
      "cve": "CVE-2021-38509",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-38509"
    },
    {
      "cve": "CVE-2021-38510",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-38510"
    },
    {
      "cve": "CVE-2021-4128",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-4128"
    },
    {
      "cve": "CVE-2021-4129",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-4129"
    },
    {
      "cve": "CVE-2021-4140",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-4140"
    },
    {
      "cve": "CVE-2021-43530",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-43530"
    },
    {
      "cve": "CVE-2021-43531",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-43531"
    },
    {
      "cve": "CVE-2021-43532",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-43532"
    },
    {
      "cve": "CVE-2021-43533",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-43533"
    },
    {
      "cve": "CVE-2021-43534",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-43534"
    },
    {
      "cve": "CVE-2021-43536",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-43536"
    },
    {
      "cve": "CVE-2021-43537",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-43537"
    },
    {
      "cve": "CVE-2021-43538",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-43538"
    },
    {
      "cve": "CVE-2021-43539",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-43539"
    },
    {
      "cve": "CVE-2021-43540",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-43540"
    },
    {
      "cve": "CVE-2021-43541",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-43541"
    },
    {
      "cve": "CVE-2021-43542",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-43542"
    },
    {
      "cve": "CVE-2021-43543",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-43543"
    },
    {
      "cve": "CVE-2021-43544",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-43544"
    },
    {
      "cve": "CVE-2021-43545",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-43545"
    },
    {
      "cve": "CVE-2021-43546",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2021-43546"
    },
    {
      "cve": "CVE-2022-21248",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21248"
    },
    {
      "cve": "CVE-2022-21277",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21277"
    },
    {
      "cve": "CVE-2022-21282",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21282"
    },
    {
      "cve": "CVE-2022-21283",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21283"
    },
    {
      "cve": "CVE-2022-21291",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21291"
    },
    {
      "cve": "CVE-2022-21293",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21293"
    },
    {
      "cve": "CVE-2022-21294",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21294"
    },
    {
      "cve": "CVE-2022-21296",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21296"
    },
    {
      "cve": "CVE-2022-21299",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21299"
    },
    {
      "cve": "CVE-2022-21305",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21305"
    },
    {
      "cve": "CVE-2022-21340",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21340"
    },
    {
      "cve": "CVE-2022-21341",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21341"
    },
    {
      "cve": "CVE-2022-21349",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21349"
    },
    {
      "cve": "CVE-2022-21360",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21360"
    },
    {
      "cve": "CVE-2022-21365",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21365"
    },
    {
      "cve": "CVE-2022-21366",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21366"
    },
    {
      "cve": "CVE-2022-21833",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21833"
    },
    {
      "cve": "CVE-2022-21834",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21834"
    },
    {
      "cve": "CVE-2022-21835",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21835"
    },
    {
      "cve": "CVE-2022-21836",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21836"
    },
    {
      "cve": "CVE-2022-21838",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21838"
    },
    {
      "cve": "CVE-2022-21843",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21843"
    },
    {
      "cve": "CVE-2022-21848",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21848"
    },
    {
      "cve": "CVE-2022-21849",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21849"
    },
    {
      "cve": "CVE-2022-21850",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21850"
    },
    {
      "cve": "CVE-2022-21851",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21851"
    },
    {
      "cve": "CVE-2022-21857",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21857"
    },
    {
      "cve": "CVE-2022-21860",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21860"
    },
    {
      "cve": "CVE-2022-21862",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21862"
    },
    {
      "cve": "CVE-2022-21863",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21863"
    },
    {
      "cve": "CVE-2022-21864",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21864"
    },
    {
      "cve": "CVE-2022-21866",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21866"
    },
    {
      "cve": "CVE-2022-21867",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21867"
    },
    {
      "cve": "CVE-2022-21868",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21868"
    },
    {
      "cve": "CVE-2022-21870",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21870"
    },
    {
      "cve": "CVE-2022-21871",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21871"
    },
    {
      "cve": "CVE-2022-21873",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21873"
    },
    {
      "cve": "CVE-2022-21874",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21874"
    },
    {
      "cve": "CVE-2022-21875",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21875"
    },
    {
      "cve": "CVE-2022-21876",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21876"
    },
    {
      "cve": "CVE-2022-21878",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21878"
    },
    {
      "cve": "CVE-2022-21879",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21879"
    },
    {
      "cve": "CVE-2022-21880",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21880"
    },
    {
      "cve": "CVE-2022-21881",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21881"
    },
    {
      "cve": "CVE-2022-21883",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21883"
    },
    {
      "cve": "CVE-2022-21885",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21885"
    },
    {
      "cve": "CVE-2022-21889",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21889"
    },
    {
      "cve": "CVE-2022-21890",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21890"
    },
    {
      "cve": "CVE-2022-21892",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21892"
    },
    {
      "cve": "CVE-2022-21893",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21893"
    },
    {
      "cve": "CVE-2022-21894",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21894"
    },
    {
      "cve": "CVE-2022-21895",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21895"
    },
    {
      "cve": "CVE-2022-21897",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21897"
    },
    {
      "cve": "CVE-2022-21900",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21900"
    },
    {
      "cve": "CVE-2022-21901",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21901"
    },
    {
      "cve": "CVE-2022-21902",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21902"
    },
    {
      "cve": "CVE-2022-21903",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21903"
    },
    {
      "cve": "CVE-2022-21904",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21904"
    },
    {
      "cve": "CVE-2022-21905",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21905"
    },
    {
      "cve": "CVE-2022-21908",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21908"
    },
    {
      "cve": "CVE-2022-21913",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21913"
    },
    {
      "cve": "CVE-2022-21914",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21914"
    },
    {
      "cve": "CVE-2022-21915",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21915"
    },
    {
      "cve": "CVE-2022-21916",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21916"
    },
    {
      "cve": "CVE-2022-21919",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21919"
    },
    {
      "cve": "CVE-2022-21920",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21920"
    },
    {
      "cve": "CVE-2022-21922",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21922"
    },
    {
      "cve": "CVE-2022-21924",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21924"
    },
    {
      "cve": "CVE-2022-21928",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21928"
    },
    {
      "cve": "CVE-2022-21958",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21958"
    },
    {
      "cve": "CVE-2022-21959",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21959"
    },
    {
      "cve": "CVE-2022-21960",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21960"
    },
    {
      "cve": "CVE-2022-21961",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21961"
    },
    {
      "cve": "CVE-2022-21962",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21962"
    },
    {
      "cve": "CVE-2022-21964",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-21964"
    },
    {
      "cve": "CVE-2022-22736",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-22736"
    },
    {
      "cve": "CVE-2022-22737",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-22737"
    },
    {
      "cve": "CVE-2022-22738",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-22738"
    },
    {
      "cve": "CVE-2022-22739",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-22739"
    },
    {
      "cve": "CVE-2022-22740",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-22740"
    },
    {
      "cve": "CVE-2022-22741",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-22741"
    },
    {
      "cve": "CVE-2022-22742",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-22742"
    },
    {
      "cve": "CVE-2022-22743",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-22743"
    },
    {
      "cve": "CVE-2022-22744",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-22744"
    },
    {
      "cve": "CVE-2022-22745",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-22745"
    },
    {
      "cve": "CVE-2022-22746",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-22746"
    },
    {
      "cve": "CVE-2022-22747",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-22747"
    },
    {
      "cve": "CVE-2022-22748",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-22748"
    },
    {
      "cve": "CVE-2022-22749",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-22749"
    },
    {
      "cve": "CVE-2022-22750",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-22750"
    },
    {
      "cve": "CVE-2022-22751",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-22751"
    },
    {
      "cve": "CVE-2022-22752",
      "notes": [
        {
          "category": "description",
          "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere besteht auch eine Anf\u00e4lligkeit f\u00fcr die \"PRINTNIGHTMARE\"-Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014888",
          "T002977"
        ]
      },
      "release_date": "2022-02-03T23:00:00.000+00:00",
      "title": "CVE-2022-22752"
    }
  ]
}

CVE-2021-38503 (GCVE-0-2021-38503)

Vulnerability from cvelistv5 – Published: 2021-12-08 21:22 – Updated: 2024-08-04 01:44

Summary

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Severity

No CVSS data available.

CWE

iframe sandbox rules did not apply to XSLT stylesheets

Assigner

mozilla

References

10 references

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=1729517	x_refsource_MISC
https://www.debian.org/security/2021/dsa-5026	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2022/dsa-5034	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/202202-03	vendor-advisoryx_refsource_GENTOO
https://security.gentoo.org/glsa/202208-14	vendor-advisoryx_refsource_GENTOO

Impacted products

3 products

Vendor	Product	Version
Mozilla	Firefox	Affected: unspecified , < 94 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 91.3 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 91.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:44:23.381Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1729517"
          },
          {
            "name": "DSA-5026",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5026"
          },
          {
            "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
          },
          {
            "name": "DSA-5034",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5034"
          },
          {
            "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
          },
          {
            "name": "GLSA-202202-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202202-03"
          },
          {
            "name": "GLSA-202208-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "94",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "iframe sandbox rules did not apply to XSLT stylesheets",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-10T06:07:49.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1729517"
        },
        {
          "name": "DSA-5026",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5026"
        },
        {
          "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
        },
        {
          "name": "DSA-5034",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5034"
        },
        {
          "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
        },
        {
          "name": "GLSA-202202-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202202-03"
        },
        {
          "name": "GLSA-202208-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-14"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2021-38503",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "94"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "91.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "91.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "iframe sandbox rules did not apply to XSLT stylesheets"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-49/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-50/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-48/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1729517",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1729517"
            },
            {
              "name": "DSA-5026",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-5026"
            },
            {
              "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
            },
            {
              "name": "DSA-5034",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5034"
            },
            {
              "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
            },
            {
              "name": "GLSA-202202-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202202-03"
            },
            {
              "name": "GLSA-202208-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-14"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-38503",
    "datePublished": "2021-12-08T21:22:07.000Z",
    "dateReserved": "2021-08-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T01:44:23.381Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-38504 (GCVE-0-2021-38504)

Vulnerability from cvelistv5 – Published: 2021-12-08 21:21 – Updated: 2024-08-04 01:44

Summary

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Severity

No CVSS data available.

CWE

Use-after-free in file picker dialog

Assigner

mozilla

References

10 references

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=1730156	x_refsource_MISC
https://www.debian.org/security/2021/dsa-5026	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2022/dsa-5034	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/202202-03	vendor-advisoryx_refsource_GENTOO
https://security.gentoo.org/glsa/202208-14	vendor-advisoryx_refsource_GENTOO

Impacted products

3 products

Vendor	Product	Version
Mozilla	Firefox	Affected: unspecified , < 94 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 91.3 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 91.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:44:23.396Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730156"
          },
          {
            "name": "DSA-5026",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5026"
          },
          {
            "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
          },
          {
            "name": "DSA-5034",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5034"
          },
          {
            "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
          },
          {
            "name": "GLSA-202202-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202202-03"
          },
          {
            "name": "GLSA-202208-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "94",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When interacting with an HTML input element\u0027s file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-after-free in file picker dialog",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-10T05:13:06.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730156"
        },
        {
          "name": "DSA-5026",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5026"
        },
        {
          "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
        },
        {
          "name": "DSA-5034",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5034"
        },
        {
          "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
        },
        {
          "name": "GLSA-202202-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202202-03"
        },
        {
          "name": "GLSA-202208-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-14"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2021-38504",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "94"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "91.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "91.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When interacting with an HTML input element\u0027s file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use-after-free in file picker dialog"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-49/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-50/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-48/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730156",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730156"
            },
            {
              "name": "DSA-5026",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-5026"
            },
            {
              "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
            },
            {
              "name": "DSA-5034",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5034"
            },
            {
              "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
            },
            {
              "name": "GLSA-202202-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202202-03"
            },
            {
              "name": "GLSA-202208-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-14"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-38504",
    "datePublished": "2021-12-08T21:21:59.000Z",
    "dateReserved": "2021-08-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T01:44:23.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-38505 (GCVE-0-2021-38505)

Vulnerability from cvelistv5 – Published: 2021-12-08 21:21 – Updated: 2024-08-04 01:44

Summary

Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Severity

No CVSS data available.

CWE

Windows 10 Cloud Clipboard may have recorded sensitive user data

Assigner

mozilla

References

4 references

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=1730194	x_refsource_MISC

Impacted products

3 products

Vendor	Product	Version
Mozilla	Firefox	Affected: unspecified , < 94 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 91.3 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 91.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:44:23.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730194"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "94",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user\u0027s Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Windows 10 Cloud Clipboard may have recorded sensitive user data",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-08T21:21:53.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730194"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2021-38505",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "94"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "91.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "91.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user\u0027s Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Windows 10 Cloud Clipboard may have recorded sensitive user data"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-49/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-50/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-48/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730194",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730194"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-38505",
    "datePublished": "2021-12-08T21:21:53.000Z",
    "dateReserved": "2021-08-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T01:44:23.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-38506 (GCVE-0-2021-38506)

Vulnerability from cvelistv5 – Published: 2021-12-08 21:21 – Updated: 2024-08-04 01:44

Summary

Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Severity

No CVSS data available.

CWE

Firefox could be coaxed into going into fullscreen mode without notification or warning

Assigner

mozilla

References

10 references

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=1730750	x_refsource_MISC
https://www.debian.org/security/2021/dsa-5026	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2022/dsa-5034	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/202202-03	vendor-advisoryx_refsource_GENTOO
https://security.gentoo.org/glsa/202208-14	vendor-advisoryx_refsource_GENTOO

Impacted products

3 products

Vendor	Product	Version
Mozilla	Firefox	Affected: unspecified , < 94 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 91.3 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 91.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:44:22.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730750"
          },
          {
            "name": "DSA-5026",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5026"
          },
          {
            "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
          },
          {
            "name": "DSA-5034",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5034"
          },
          {
            "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
          },
          {
            "name": "GLSA-202202-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202202-03"
          },
          {
            "name": "GLSA-202208-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "94",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Firefox could be coaxed into going into fullscreen mode without notification or warning",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-10T05:14:10.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730750"
        },
        {
          "name": "DSA-5026",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5026"
        },
        {
          "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
        },
        {
          "name": "DSA-5034",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5034"
        },
        {
          "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
        },
        {
          "name": "GLSA-202202-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202202-03"
        },
        {
          "name": "GLSA-202208-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-14"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2021-38506",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "94"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "91.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "91.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Firefox could be coaxed into going into fullscreen mode without notification or warning"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-49/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-50/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-48/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730750",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730750"
            },
            {
              "name": "DSA-5026",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-5026"
            },
            {
              "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
            },
            {
              "name": "DSA-5034",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5034"
            },
            {
              "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
            },
            {
              "name": "GLSA-202202-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202202-03"
            },
            {
              "name": "GLSA-202208-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-14"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-38506",
    "datePublished": "2021-12-08T21:21:47.000Z",
    "dateReserved": "2021-08-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T01:44:22.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-38507 (GCVE-0-2021-38507)

Vulnerability from cvelistv5 – Published: 2021-12-08 21:21 – Updated: 2024-08-04 01:44

Summary

The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Severity

No CVSS data available.

CWE

Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports

Assigner

mozilla

References

10 references

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=1730935	x_refsource_MISC
https://www.debian.org/security/2021/dsa-5026	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2022/dsa-5034	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/202202-03	vendor-advisoryx_refsource_GENTOO
https://security.gentoo.org/glsa/202208-14	vendor-advisoryx_refsource_GENTOO

Impacted products

3 products

Vendor	Product	Version
Mozilla	Firefox	Affected: unspecified , < 94 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 91.3 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 91.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:44:23.527Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730935"
          },
          {
            "name": "DSA-5026",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5026"
          },
          {
            "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
          },
          {
            "name": "DSA-5034",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5034"
          },
          {
            "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
          },
          {
            "name": "GLSA-202202-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202202-03"
          },
          {
            "name": "GLSA-202208-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "94",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-10T05:11:20.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730935"
        },
        {
          "name": "DSA-5026",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5026"
        },
        {
          "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
        },
        {
          "name": "DSA-5034",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5034"
        },
        {
          "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
        },
        {
          "name": "GLSA-202202-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202202-03"
        },
        {
          "name": "GLSA-202208-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-14"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2021-38507",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "94"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "91.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "91.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-49/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-50/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-48/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730935",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730935"
            },
            {
              "name": "DSA-5026",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-5026"
            },
            {
              "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
            },
            {
              "name": "DSA-5034",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5034"
            },
            {
              "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
            },
            {
              "name": "GLSA-202202-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202202-03"
            },
            {
              "name": "GLSA-202208-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-14"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-38507",
    "datePublished": "2021-12-08T21:21:41.000Z",
    "dateReserved": "2021-08-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T01:44:23.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-38508 (GCVE-0-2021-38508)

Vulnerability from cvelistv5 – Published: 2021-12-08 21:21 – Updated: 2024-08-04 01:44

Summary

By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Severity

No CVSS data available.

CWE

Permission Prompt could be overlaid, resulting in user confusion and potential spoofing

Assigner

mozilla

References

10 references

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=1366818	x_refsource_MISC
https://www.debian.org/security/2021/dsa-5026	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2022/dsa-5034	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/202202-03	vendor-advisoryx_refsource_GENTOO
https://security.gentoo.org/glsa/202208-14	vendor-advisoryx_refsource_GENTOO

Impacted products

3 products

Vendor	Product	Version
Mozilla	Firefox	Affected: unspecified , < 94 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 91.3 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 91.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:44:23.522Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366818"
          },
          {
            "name": "DSA-5026",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5026"
          },
          {
            "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
          },
          {
            "name": "DSA-5034",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5034"
          },
          {
            "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
          },
          {
            "name": "GLSA-202202-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202202-03"
          },
          {
            "name": "GLSA-202208-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "94",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Permission Prompt could be overlaid, resulting in user confusion and potential spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-10T06:09:01.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366818"
        },
        {
          "name": "DSA-5026",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5026"
        },
        {
          "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
        },
        {
          "name": "DSA-5034",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5034"
        },
        {
          "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
        },
        {
          "name": "GLSA-202202-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202202-03"
        },
        {
          "name": "GLSA-202208-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-14"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2021-38508",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "94"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "91.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "91.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Permission Prompt could be overlaid, resulting in user confusion and potential spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-49/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-50/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-48/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366818",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366818"
            },
            {
              "name": "DSA-5026",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-5026"
            },
            {
              "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
            },
            {
              "name": "DSA-5034",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5034"
            },
            {
              "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
            },
            {
              "name": "GLSA-202202-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202202-03"
            },
            {
              "name": "GLSA-202208-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-14"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-38508",
    "datePublished": "2021-12-08T21:21:35.000Z",
    "dateReserved": "2021-08-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T01:44:23.522Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-38509 (GCVE-0-2021-38509)

Vulnerability from cvelistv5 – Published: 2021-12-08 21:21 – Updated: 2024-08-04 01:44

Summary

Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Severity

No CVSS data available.

CWE

Javascript alert box could have been spoofed onto an arbitrary domain

Assigner

mozilla

References

10 references

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=1718571	x_refsource_MISC
https://www.debian.org/security/2021/dsa-5026	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2022/dsa-5034	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/202202-03	vendor-advisoryx_refsource_GENTOO
https://security.gentoo.org/glsa/202208-14	vendor-advisoryx_refsource_GENTOO

Impacted products

3 products

Vendor	Product	Version
Mozilla	Firefox	Affected: unspecified , < 94 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 91.3 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 91.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:44:23.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1718571"
          },
          {
            "name": "DSA-5026",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5026"
          },
          {
            "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
          },
          {
            "name": "DSA-5034",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5034"
          },
          {
            "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
          },
          {
            "name": "GLSA-202202-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202202-03"
          },
          {
            "name": "GLSA-202208-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "94",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker\u0027s choosing. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Javascript alert box could have been spoofed onto an arbitrary domain",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-10T05:12:25.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1718571"
        },
        {
          "name": "DSA-5026",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5026"
        },
        {
          "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
        },
        {
          "name": "DSA-5034",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5034"
        },
        {
          "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
        },
        {
          "name": "GLSA-202202-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202202-03"
        },
        {
          "name": "GLSA-202208-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-14"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2021-38509",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "94"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "91.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "91.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker\u0027s choosing. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Javascript alert box could have been spoofed onto an arbitrary domain"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-49/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-50/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-48/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1718571",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1718571"
            },
            {
              "name": "DSA-5026",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-5026"
            },
            {
              "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"
            },
            {
              "name": "DSA-5034",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5034"
            },
            {
              "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
            },
            {
              "name": "GLSA-202202-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202202-03"
            },
            {
              "name": "GLSA-202208-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-14"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-38509",
    "datePublished": "2021-12-08T21:21:30.000Z",
    "dateReserved": "2021-08-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T01:44:23.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-38510 (GCVE-0-2021-38510)

Vulnerability from cvelistv5 – Published: 2021-12-08 21:21 – Updated: 2024-08-04 01:44

Summary

The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Severity

No CVSS data available.

CWE

Download Protections were bypassed by .inetloc files on Mac OS

Assigner

mozilla

References

4 references

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=1731779	x_refsource_MISC

Impacted products

3 products

Vendor	Product	Version
Mozilla	Firefox	Affected: unspecified , < 94 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 91.3 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 91.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:44:23.495Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1731779"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "94",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user\u0027s computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Download Protections were bypassed by .inetloc files on Mac OS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-08T21:21:24.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1731779"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2021-38510",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "94"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "91.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "91.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user\u0027s computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Download Protections were bypassed by .inetloc files on Mac OS"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-49/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-49/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-50/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-50/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-48/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-48/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1731779",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1731779"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-38510",
    "datePublished": "2021-12-08T21:21:24.000Z",
    "dateReserved": "2021-08-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T01:44:23.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-4128 (GCVE-0-2021-4128)

Vulnerability from cvelistv5 – Published: 2022-12-22 00:00 – Updated: 2025-04-16 15:58

Summary

When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.<br>*This bug only affects Firefox on MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

Use-after-free in fullscreen objects on MacOS

Assigner

mozilla

References

2 references

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2…
https://bugzilla.mozilla.org/show_bug.cgi?id=1735852

Impacted products

1 product

Vendor	Product	Version
Mozilla	Firefox	Affected: unspecified , < 95 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:16:04.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-52/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1735852"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-4128",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:57:08.090549Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T15:58:19.476Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "95",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.\u003cbr\u003e*This bug only affects Firefox on MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 95."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-after-free in fullscreen objects on MacOS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-22T00:00:00.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-52/"
        },
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1735852"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-4128",
    "datePublished": "2022-12-22T00:00:00.000Z",
    "dateReserved": "2021-12-16T00:00:00.000Z",
    "dateUpdated": "2025-04-16T15:58:19.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-4129 (GCVE-0-2021-4129)

Vulnerability from cvelistv5 – Published: 2022-12-22 00:00 – Updated: 2025-04-16 15:56

Summary

Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 95, Firefox ESR < 91.4.0, and Thunderbird < 91.4.0.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4

Assigner

mozilla

References

4 references

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1…

Impacted products

3 products

Vendor	Product	Version
Mozilla	Firefox	Affected: unspecified , < 95 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 91.4.0 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 91.4.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:16:04.245Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-53/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-54/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-52/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1393362%2C1736046%2C1736751%2C1737009%2C1739372%2C1739421"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-4129",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:56:25.351498Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T15:56:28.819Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "95",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.4.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.4.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 95, Firefox ESR \u003c 91.4.0, and Thunderbird \u003c 91.4.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-22T00:00:00.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-53/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-54/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-52/"
        },
        {
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1393362%2C1736046%2C1736751%2C1737009%2C1739372%2C1739421"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-4129",
    "datePublished": "2022-12-22T00:00:00.000Z",
    "dateReserved": "2021-12-16T00:00:00.000Z",
    "dateUpdated": "2025-04-16T15:56:28.819Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2023-0839

CVE-2021-38503 (GCVE-0-2021-38503)

CVE-2021-38504 (GCVE-0-2021-38504)

CVE-2021-38505 (GCVE-0-2021-38505)

CVE-2021-38506 (GCVE-0-2021-38506)

CVE-2021-38507 (GCVE-0-2021-38507)

CVE-2021-38508 (GCVE-0-2021-38508)

CVE-2021-38509 (GCVE-0-2021-38509)

CVE-2021-38510 (GCVE-0-2021-38510)

CVE-2021-4128 (GCVE-0-2021-4128)

CVE-2021-4129 (GCVE-0-2021-4129)

Tags

Sightings

Nomenclature