Search Results (364053 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-31294 1 Redis 1 Redis 2024-11-21 5.9 Medium
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.
CVE-2021-31292 4 Debian, Exiv2, Fedoraproject and 1 more 4 Debian Linux, Exiv2, Fedora and 1 more 2024-11-21 7.5 High
An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata.
CVE-2021-31274 1 Librenms 1 Librenms 2024-11-21 5.4 Medium
In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed.
CVE-2021-31272 1 Serenityos 1 Serenityos 2024-11-21 9.8 Critical
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
CVE-2021-31262 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31261 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command.
CVE-2021-31260 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31259 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31258 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31257 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31256 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-31255 1 Gpac 1 Gpac 2024-11-21 7.8 High
Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2021-31254 1 Gpac 1 Gpac 2024-11-21 7.8 High
Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes.
CVE-2021-31252 1 Chiyu-tech 28 Bf-430, Bf-430 Firmware, Bf-431 and 25 more 2024-11-21 6.1 Medium
An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it.
CVE-2021-31251 1 Chiyu-tech 20 Bf-430, Bf-430 Firmware, Bf-431 and 17 more 2024-11-21 9.8 Critical
An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated.
CVE-2021-31250 1 Chiyu-tech 6 Bf-430, Bf-430 Firmware, Bf-431 and 3 more 2024-11-21 5.4 Medium
Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi.
CVE-2021-31249 1 Chiyu-tech 6 Bf-430, Bf-430 Firmware, Bf-431 and 3 more 2024-11-21 6.5 Medium
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components.
CVE-2021-31245 1 Openmptcprouter 1 Openmptcprouter 2024-11-21 5.9 Medium
omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user provided password with the original password in a length dependent manner, which allows remote attackers to guess the password via a timing attack.
CVE-2021-31232 1 Linuxfoundation 1 Cortex 2024-11-21 5.5 Medium
The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list.
CVE-2021-31231 1 Grafana 1 Enterprise Metrics 2024-11-21 5.5 Medium
The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list.