Skip to main content
CVE-2021-20989 MEDIUM POC This Month

Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Home Center 2 Firmware Home Center Lite Firmware
NVD
CVSS 3.1
5.9
EPSS
2.0%
CVE-2021-3505 MEDIUM POC PATCH This Month

A flaw was found in libtpms in versions before 0.8.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Libtpms Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-30199 MEDIUM POC PATCH This Month

In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-30022 MEDIUM POC PATCH This Month

There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC from 0.5.2 to 1.0.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-30020 MEDIUM POC PATCH This Month

In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-30019 MEDIUM POC PATCH This Month

In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-30015 MEDIUM POC PATCH This Month

There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-30014 MEDIUM POC PATCH This Month

There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-31262 MEDIUM POC PATCH This Month

The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-31261 MEDIUM POC PATCH This Month

The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-31260 MEDIUM POC PATCH This Month

The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-31259 MEDIUM POC PATCH This Month

The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-31258 MEDIUM POC PATCH This Month

The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-31257 MEDIUM POC PATCH This Month

The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-31256 MEDIUM POC PATCH This Month

Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-29458 MEDIUM POC PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Exiv2 Fedora +1
NVD GitHub
CVSS 3.1
5.5
EPSS
1.6%
CVE-2021-29453 MEDIUM PATCH This Month

matrix-media-repo is an open-source multi-domain media repository for Matrix. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Matrix Media Repo
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-21070 MEDIUM PATCH This Month

Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Privilege Escalation Adobe Robohelp
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-20208 MEDIUM PATCH This Month

A flaw was found in cifs-utils in versions before 6.13. Rated medium severity (CVSS 6.1).

Information Disclosure Cifs Utils Enterprise Linux Fedora
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-29399 MEDIUM PATCH This Month

XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xmb
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-27029 MEDIUM This Month

The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leading. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Fbx Review
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-29455 MEDIUM PATCH This Month

Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in low-income communities. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Grassroot Platform
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-29434 MEDIUM PATCH This Month

Wagtail is a Django content management system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python XSS RCE Wagtail
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy