Total
83418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21900 | 3 Debian, Fedoraproject, Librecad | 3 Debian Linux, Fedora, Libdxfrw | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21899 | 3 Debian, Fedoraproject, Librecad | 3 Debian Linux, Fedora, Libdxfrw | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21898 | 3 Debian, Fedoraproject, Librecad | 3 Debian Linux, Fedora, Libdxfrw | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21897 | 3 Debian, Fedoraproject, Ribbonsoft | 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21895 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to FsTFtp file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21893 | 1 Foxit | 1 Pdf Reader | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.0.0.49893. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | |||||
| CVE-2021-21885 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21882 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21880 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21879 | 1 Lantronix | 1 Premierwave 2050 | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21871 | 1 Poweriso | 1 Poweriso | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor fixed it in a bug-release of the current version. | |||||
| CVE-2021-21870 | 1 Foxit | 1 Pdf Reader | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.4.37651. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this vulnerability if the browser plugin extension is enabled. | |||||
| CVE-2021-21869 | 1 Codesys | 1 Codesys | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21868 | 1 Codesys | 1 Codesys | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21867 | 1 Codesys | 1 Codesys | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21866 | 1 Codesys | 1 Development System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21865 | 1 Codesys | 1 Development System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21864 | 1 Codesys | 1 Development System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21863 | 1 Codesys | 1 Development System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21862 | 1 Gpac | 1 Gpac | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption The implementation of the parser used for the “Xtra” FOURCC code is handled. An attacker can convince a user to open a video to trigger this vulnerability. | |||||