Skip to main content
CVE-2021-20991 HIGH POC This Week

In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Home Center 2 Firmware Home Center Lite Firmware
NVD
CVSS 3.1
8.8
EPSS
5.4%
CVE-2021-29279 HIGH POC PATCH This Week

There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-31255 HIGH POC PATCH This Week

Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Denial Of Service Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-31254 HIGH POC PATCH This Week

Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service RCE Memory Corruption Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-29457 HIGH POC PATCH This Week

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow RCE Exiv2 Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
2.2%
CVE-2021-20992 HIGH POC This Week

In Fibaro Home Center 2 and Lite devices in all versions provide a web based management interface over unencrypted HTTP protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Home Center 2 Firmware Home Center Lite Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-20990 HIGH POC This Week

In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Home Center 2 Firmware Home Center Lite Firmware
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2021-20989 MEDIUM POC This Month

Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Home Center 2 Firmware Home Center Lite Firmware
NVD
CVSS 3.1
5.9
EPSS
2.0%
CVE-2021-3505 MEDIUM POC PATCH This Month

A flaw was found in libtpms in versions before 0.8.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Libtpms Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-30199 MEDIUM POC PATCH This Month

In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-30022 MEDIUM POC PATCH This Month

There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC from 0.5.2 to 1.0.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-30020 MEDIUM POC PATCH This Month

In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-30019 MEDIUM POC PATCH This Month

In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-30015 MEDIUM POC PATCH This Month

There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-30014 MEDIUM POC PATCH This Month

There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-31262 MEDIUM POC PATCH This Month

The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-31261 MEDIUM POC PATCH This Month

The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-31260 MEDIUM POC PATCH This Month

The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-31259 MEDIUM POC PATCH This Month

The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-31258 MEDIUM POC PATCH This Month

The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-31257 MEDIUM POC PATCH This Month

The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-31256 MEDIUM POC PATCH This Month

Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-29458 MEDIUM POC PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Exiv2 Fedora +1
NVD GitHub
CVSS 3.1
5.5
EPSS
1.6%
CVE-2021-3498 HIGH PATCH This Week

A heap corruption vulnerability exists in GStreamer media framework versions before 1.18.4 when parsing malformed Matroska (MKV) video files. An attacker can craft a malicious Matroska file that, when processed by a vulnerable GStreamer installation, triggers heap memory corruption leading to potential code execution with the privileges of the application using GStreamer. While not known to be actively exploited in the wild (not in KEV), a public proof-of-concept exploit is available and the EPSS score of 0.24% indicates moderate exploitation likelihood.

Information Disclosure Debian Linux Enterprise Linux Gstreamer
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-3497 HIGH PATCH This Week

A use-after-free vulnerability exists in GStreamer's Matroska demuxer that can be triggered when processing malformed video files, potentially allowing attackers to execute arbitrary code or cause application crashes. The vulnerability affects GStreamer versions before 1.18.4 and requires local access with user interaction to exploit. With an EPSS score of only 0.18% and no KEV listing, this vulnerability has low real-world exploitation probability despite its high CVSS score of 7.8.

Use After Free Denial Of Service Gstreamer Enterprise Linux Debian Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-27031 HIGH This Week

A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Fbx Review
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-27030 HIGH This Week

A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Fbx Review
NVD
CVSS 3.1
7.8
EPSS
59.6%
CVE-2021-27028 HIGH This Week

A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Fbx Review
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-27027 HIGH This Week

An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Fbx Review
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-21981 HIGH PATCH This Week

VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation VMware Vmware Nsx T Data Center
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-27458 HIGH This Week

If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pc10G Cpu Tcc 6353 Firmware Pc10Ge Tcc 6464 Firmware Pc10P Tcc 6372 Firmware Pc10P Dp Tcc 6726 Firmware +14
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-20527 HIGH This Week

IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Resilient
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-3506 HIGH PATCH This Week

An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Debian Linux +10
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-29453 MEDIUM PATCH This Month

matrix-media-repo is an open-source multi-domain media repository for Matrix. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Matrix Media Repo
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-21070 MEDIUM PATCH This Month

Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Privilege Escalation Adobe Robohelp
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-20208 MEDIUM PATCH This Month

A flaw was found in cifs-utils in versions before 6.13. Rated medium severity (CVSS 6.1).

Information Disclosure Cifs Utils Enterprise Linux Fedora
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-29399 MEDIUM PATCH This Month

XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xmb
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-27029 MEDIUM This Month

The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leading. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Fbx Review
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-29455 MEDIUM PATCH This Month

Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in low-income communities. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Grassroot Platform
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-29434 MEDIUM PATCH This Month

Wagtail is a Django content management system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python XSS RCE Wagtail
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy