Export limit exceeded: 363775 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 21070 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21070 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29464 | 3 Exiv2, Fedoraproject, Redhat | 3 Exiv2, Fedora, Enterprise Linux | 2024-11-21 | 3.3 Low |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. | ||||
| CVE-2021-29457 | 4 Debian, Exiv2, Fedoraproject and 1 more | 4 Debian Linux, Exiv2, Fedora and 1 more | 2024-11-21 | 7.8 High |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. | ||||
| CVE-2021-29393 | 1 Globalnorthstar | 1 Northstar Club Management | 2024-11-21 | 9.8 Critical |
| Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters. | ||||
| CVE-2021-29390 | 3 Fedoraproject, Libjpeg-turbo, Redhat | 3 Fedora, Libjpeg-turbo, Enterprise Linux | 2024-11-21 | 7.1 High |
| libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c. | ||||
| CVE-2021-29379 | 1 Dlink | 2 Dir-802, Dir-802 Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2021-29369 | 1 Gnuplot Project | 1 Gnuplot | 2024-11-21 | 9.8 Critical |
| The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands. | ||||
| CVE-2021-29367 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file. | ||||
| CVE-2021-29366 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | ||||
| CVE-2021-29364 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | ||||
| CVE-2021-29363 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.0xa74 | ||||
| CVE-2021-29362 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | ||||
| CVE-2021-29361 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | ||||
| CVE-2021-29360 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | ||||
| CVE-2021-29327 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.8 High |
| OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer function at /moddable/xs/sources/xsDataView.c. | ||||
| CVE-2021-29326 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.8 High |
| OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c. | ||||
| CVE-2021-29325 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.8 High |
| OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_prototype_repeat function at /moddable/xs/sources/xsString.c. | ||||
| CVE-2021-29323 | 1 Moddable | 1 Moddable | 2024-11-21 | 5.5 Medium |
| OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c. | ||||
| CVE-2021-29300 | 1 Ronomon | 1 Opened | 2024-11-21 | 9.8 Critical |
| The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input. | ||||
| CVE-2021-29279 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg const GF_PropertyValue *value,maybe value->value.data.size is a negative number. In result, memcpy in gf_props_assign_value failed. | ||||
| CVE-2021-29147 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | 8.8 High |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | ||||