Search Results (21069 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-29457 4 Debian, Exiv2, Fedoraproject and 1 more 4 Debian Linux, Exiv2, Fedora and 1 more 2024-11-21 7.8 High
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.
CVE-2021-29393 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 9.8 Critical
Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters.
CVE-2021-29390 3 Fedoraproject, Libjpeg-turbo, Redhat 3 Fedora, Libjpeg-turbo, Enterprise Linux 2024-11-21 7.1 High
libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
CVE-2021-29379 1 Dlink 2 Dir-802, Dir-802 Firmware 2024-11-21 8.8 High
An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-29369 1 Gnuplot Project 1 Gnuplot 2024-11-21 9.8 Critical
The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands.
CVE-2021-29367 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file.
CVE-2021-29366 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVE-2021-29364 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVE-2021-29363 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.0xa74
CVE-2021-29362 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVE-2021-29361 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVE-2021-29360 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVE-2021-29327 1 Moddable 1 Moddable 2024-11-21 7.8 High
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer function at /moddable/xs/sources/xsDataView.c.
CVE-2021-29326 1 Moddable 1 Moddable 2024-11-21 7.8 High
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c.
CVE-2021-29325 1 Moddable 1 Moddable 2024-11-21 7.8 High
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_prototype_repeat function at /moddable/xs/sources/xsString.c.
CVE-2021-29323 1 Moddable 1 Moddable 2024-11-21 5.5 Medium
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c.
CVE-2021-29300 1 Ronomon 1 Opened 2024-11-21 9.8 Critical
The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input.
CVE-2021-29279 1 Gpac 1 Gpac 2024-11-21 7.8 High
There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg const GF_PropertyValue *value,maybe value->value.data.size is a negative number. In result, memcpy in gf_props_assign_value failed.
CVE-2021-29147 1 Arubanetworks 1 Clearpass 2024-11-21 8.8 High
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
CVE-2021-29143 1 Arubanetworks 8 Aos-cx Firmware, Cx 6200f, Cx 6300 and 5 more 2024-11-21 7.2 High
A remote execution of arbitrary commands vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.