Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
NVD-CWE-noinfo
CVE-2021-26444
Azure RTOS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-42301, CVE-2021-42323.
CVE-2021-26471
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands.
CVE-2021-26539
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the “allowedIframeHostnames” option.
CVE-2021-26540
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the “allowedIframeHostnames” option when the “allowIframeRelativeUrls” is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with “/\example.com”.
CVE-2021-26375
Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service.
