‼ CVE-2021-33708 ‼
📖 Read
via "National Vulnerability Database".
Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21697 ‼
📖 Read
via "National Vulnerability Database".
A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21682 ‼
📖 Read
via "National Vulnerability Database".
A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37390 ‼
📖 Read
via "National Vulnerability Database".
A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37389 ‼
📖 Read
via "National Vulnerability Database".
Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21684 ‼
📖 Read
via "National Vulnerability Database".
A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21677 ‼
📖 Read
via "National Vulnerability Database".
A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21683 ‼
📖 Read
via "National Vulnerability Database".
A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21676 ‼
📖 Read
via "National Vulnerability Database".
A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21678 ‼
📖 Read
via "National Vulnerability Database".
A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28846 ‼
📖 Read
via "National Vulnerability Database".
A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\n" format. The two variables seem to be put in the wrong order. The vulnerability could be triggered by sending the POST request to apply_cgi with a long and unknown key in the request body.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21681 ‼
📖 Read
via "National Vulnerability Database".
A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29294 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function. It could be triggered by sending crafted POST request to /HNAP1/. NOTE: The DSL-2740R and all hardware revisions are considered End of Life and as such this issue will not be patched.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28845 ‼
📖 Read
via "National Vulnerability Database".
Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via the lang action without a language key.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29296 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21690 ‼
📖 Read
via "National Vulnerability Database".
A memory leak in the grow_array function in cmdutils.c og Ffmpeg 4.2 allows attackers to cause a denial of service (DOS) via a crafted ogg file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29295 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. It could be triggered by sending an HTTP request without URL in the start line directly to the device. NOTE: The DSP-W215 and all hardware revisions is considered End of Life and as such this issue will not be patched.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21675 ‼
📖 Read
via "National Vulnerability Database".
A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38529 ‼
📖 Read
via "National Vulnerability Database".
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38525 ‼
📖 Read
via "National Vulnerability Database".
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.40.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38515 ‼
📖 Read
via "National Vulnerability Database".
Certain NETGEAR devices are affected by denial of service. This affects R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R7900 before 1.0.3.18, and R8000 before 1.0.4.46.📖 Read
via "National Vulnerability Database".