Search Results (364917 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-40606 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVE-2021-40604 1 Invisioncommunity 1 Ips Community Suite 2024-11-21 9.1 Critical
A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by an unauthenticated user.
CVE-2021-40597 1 Edimax 2 Ic-3140w, Ic-3140w Firmware 2024-11-21 9.8 Critical
The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password.
CVE-2021-40595 1 Online Leave Management System Project 1 Online Leave Management System 2024-11-21 9.8 Critical
SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php.
CVE-2021-40592 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.
CVE-2021-40589 1 Zangband-data Project 1 Zangband-data 2024-11-21 9.8 Critical
ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits.
CVE-2021-40579 1 Online Enrollment Management System Project 1 Online Enrollment Management System 2024-11-21 6.5 Medium
https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges (remote).
CVE-2021-40578 1 Online Enrollment Management System Project 1 Online Enrollment Management System 2024-11-21 7.2 High
Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter.
CVE-2021-40577 1 Online Enrollment Management System Project 1 Online Enrollment Management System 2024-11-21 5.4 Medium
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter.
CVE-2021-40576 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt_count function in hint_track.c, which allows attackers to cause a denial of service.
CVE-2021-40575 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566.
CVE-2021-40573 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service.
CVE-2021-40572 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.
CVE-2021-40571 1 Gpac 1 Gpac 2024-11-21 7.8 High
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVE-2021-40570 1 Gpac 1 Gpac 2024-11-21 7.8 High
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVE-2021-40569 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which allows attackers to cause a denial of service.
CVE-2021-40568 1 Gpac 1 Gpac 2024-11-21 7.8 High
A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVE-2021-40567 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service.
CVE-2021-40566 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
A Segmentation fault casued by heap use after free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service.
CVE-2021-40565 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu function in av_parsers.c when using mp4box, which causes a denial of service.