βΌ CVE-2021-44733 βΌ
π Read
via "National Vulnerability Database".
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45258 βΌ
π Read
via "National Vulnerability Database".
A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43630 βΌ
π Read
via "National Vulnerability Database".
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43156 βΌ
π Read
via "National Vulnerability Database".
In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43158 βΌ
π Read
via "National Vulnerability Database".
In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45267 βΌ
π Read
via "National Vulnerability Database".
An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4114 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43155 βΌ
π Read
via "National Vulnerability Database".
Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45257 βΌ
π Read
via "National Vulnerability Database".
An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43628 βΌ
π Read
via "National Vulnerability Database".
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45266 βΌ
π Read
via "National Vulnerability Database".
A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45262 βΌ
π Read
via "National Vulnerability Database".
An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43629 βΌ
π Read
via "National Vulnerability Database".
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43157 βΌ
π Read
via "National Vulnerability Database".
Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37706 βΌ
π Read
via "National Vulnerability Database".
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victimΓ’β¬β’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victimΓ’β¬β’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21934 βΌ
π Read
via "National Vulnerability Database".
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at Γ’β¬Λimei_filterΓ’β¬β’ parameter. This can be done as any authenticated user or through cross-site request forgery.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21878 βΌ
π Read
via "National Vulnerability Database".
A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21906 βΌ
π Read
via "National Vulnerability Database".
Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called Γ’β¬ΕCMA ConnectΓ’β¬οΏ½, to interact with the iC Module on behalf of the user. Every time a user submits a password to the CLI password prompt, the buffer containing their input is passed as the password parameter to the checkPassword function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21909 βΌ
π Read
via "National Vulnerability Database".
Specially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt|.log file delete command. An attacker can provide malicious inputs to trigger this vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-21901 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal DetectorsΓ’β¬β’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21922 βΌ
π Read
via "National Vulnerability Database".
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at Γ’β¬Λusername_filterΓ’β¬β’ parameter with the administrative account or through cross-site request forgery.π Read
via "National Vulnerability Database".