Search Results (364448 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-44956 1 Rockcarry 1 Ffjpeg 2024-11-21 6.5 Medium
Two Heap based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23852. Issues that are in the jfif_decode function at ffjpeg/src/jfif.c (line 552) could cause a Denial of Service by using a crafted jpeg file.
CVE-2021-44954 1 Qvis 4 Dvr, Dvr Firmware, Nvr and 1 more 2024-11-21 7.8 High
In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration.
CVE-2021-44949 1 Glfusion 1 Glfusion 2024-11-21 9.8 Critical
glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php.
CVE-2021-44942 1 Glfusion 1 Glfusion 2024-11-21 4.3 Medium
glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. Using the CSRF vulnerability to trick the administrator to click, an attacker can add a blacklist.
CVE-2021-44937 1 Glfusion 1 Glfusion 2024-11-21 5.3 Medium
glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied.
CVE-2021-44935 1 Glfusion 1 Glfusion 2024-11-21 9.1 Critical
glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. The attacker can complete the attack remotely without interaction.
CVE-2021-44927 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash.
CVE-2021-44926 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in the gf_node_get_tag function, which causes a segmentation fault and application crash.
CVE-2021-44925 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash.
CVE-2021-44924 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service.
CVE-2021-44922 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash.
CVE-2021-44921 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash.
CVE-2021-44920 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash.
CVE-2021-44919 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function in gpac 1.1.0-DEV, which causes a segmentation fault and application crash.
CVE-2021-44918 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash.
CVE-2021-44917 1 Gnuplot 1 Gnuplot 2024-11-21 5.5 Medium
A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash.
CVE-2021-44916 1 Opmantek 1 Open-audit 2024-11-21 6.1 Medium
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.
CVE-2021-44915 1 Taogogo 1 Taocms 2024-11-21 7.2 High
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.
CVE-2021-44912 1 Xpressengine 1 Xpressengine 2024-11-21 5.4 Medium
In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. If the .htaccess configuration is improper, for example before the XE 1.11.2 version, you can upload the PHP type file to GETSHELL.
CVE-2021-44911 1 Xpressengine 1 Xpressengine 2024-11-21 5.4 Medium
XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. When uploading the Mouse over button and When selected button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities.