Search Results (364251 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-33364 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-33363 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-33362 1 Gpac 1 Gpac 2024-11-21 7.8 High
Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2021-33361 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-33359 1 Sensepost 1 Gowitness 2024-11-21 7.5 High
A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file.
CVE-2021-33358 1 Raspap 1 Raspap 2024-11-21 8.8 High
Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands.
CVE-2021-33357 1 Raspap 1 Raspap 2024-11-21 9.8 Critical
A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands.
CVE-2021-33356 1 Raspap 1 Raspap 2024-11-21 8.8 High
Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges.
CVE-2021-33348 1 Jfinal 1 Jfinal 2024-11-21 6.1 Medium
An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases.
CVE-2021-33347 1 Jpress 1 Jpress 2024-11-21 5.4 Medium
An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the background by means of weak password, the storage XSS vulnerability can occur.
CVE-2021-33346 1 Dlink 2 Dsl-2888a, Dsl-2888a Firmware 2024-11-21 9.8 Critical
There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization.
CVE-2021-33321 1 Liferay 2 Dxp, Liferay Portal 2024-11-21 7.5 High
Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulted to true.
CVE-2021-33318 2 Ipmatcher Project, Watsonwebserver Project 2 Ipmatcher, Watsonwebserver 2024-11-21 9.8 Critical
An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.
CVE-2021-33317 1 Trendnet 18 Teg-30102ws, Teg-30102ws Firmware, Ti-g102i and 15 more 2024-11-21 7.5 High
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference.
CVE-2021-33316 1 Trendnet 18 Teg-30102ws, Teg-30102ws Firmware, Ti-g102i and 15 more 2024-11-21 9.8 Critical
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.
CVE-2021-33315 1 Trendnet 18 Teg-30102ws, Teg-30102ws Firmware, Ti-g102i and 15 more 2024-11-21 9.8 Critical
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.
CVE-2021-33295 1 Joplin Project 1 Joplin 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html.
CVE-2021-33294 1 Elfutils Project 1 Elfutils 2024-11-21 5.5 Medium
In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.
CVE-2021-33293 2 Debian, Libpano13 Project 2 Debian Linux, Libpano13 2024-11-21 9.1 Critical
Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c.
CVE-2021-33286 3 Debian, Redhat, Tuxera 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more 2024-11-21 7.8 High
In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.