An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.
Max CVSS
7.8
EPSS Score
0.07%
Published
2021-12-28
Updated
2022-03-24
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written.
Max CVSS
7.8
EPSS Score
0.07%
Published
2021-12-28
Updated
2022-03-24
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer.
Max CVSS
7.8
EPSS Score
0.07%
Published
2021-12-28
Updated
2022-04-06
An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a while loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.
Max CVSS
7.8
EPSS Score
0.07%
Published
2021-12-28
Updated
2022-01-06
An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a for loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.
Max CVSS
7.8
EPSS Score
0.07%
Published
2021-12-28
Updated
2022-01-06
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-12-27
Updated
2023-05-24
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-12-27
Updated
2023-05-24
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-12-27
Updated
2023-05-24
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.
Max CVSS
6.1
EPSS Score
0.13%
Published
2021-12-28
Updated
2022-01-06
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.
Max CVSS
8.8
EPSS Score
0.09%
Published
2021-12-27
Updated
2022-01-12
Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface.
Max CVSS
6.1
EPSS Score
0.06%
Published
2021-12-27
Updated
2022-01-07
basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.
Max CVSS
9.8
EPSS Score
0.20%
Published
2021-12-27
Updated
2022-01-07
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.
Max CVSS
7.5
EPSS Score
0.16%
Published
2021-12-29
Updated
2022-01-11
In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916.
Max CVSS
7.5
EPSS Score
0.11%
Published
2021-12-27
Updated
2022-01-07
SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting.
Max CVSS
6.1
EPSS Score
0.10%
Published
2021-12-30
Updated
2023-01-20
Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Scripting (XSS) vulnerability.
Max CVSS
6.1
EPSS Score
0.07%
Published
2021-12-30
Updated
2022-01-10
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
Max CVSS
9.8
EPSS Score
1.22%
Published
2021-12-28
Updated
2022-01-07
SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript code, which leads to session hijacking and theft of the user's credentials.
Max CVSS
6.1
EPSS Score
0.08%
Published
2021-12-28
Updated
2022-01-12
NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript code, which leads to session hijacking.
Max CVSS
6.1
EPSS Score
0.08%
Published
2021-12-28
Updated
2022-01-07
Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed.
Max CVSS
8.8
EPSS Score
0.10%
Published
2021-12-30
Updated
2022-01-11
An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation.
Max CVSS
7.5
EPSS Score
0.09%
Published
2021-12-26
Updated
2022-02-09
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. update_hook has a use-after-free.
Max CVSS
7.5
EPSS Score
0.08%
Published
2021-12-26
Updated
2022-01-05
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. rollback_hook has a use-after-free.
Max CVSS
7.5
EPSS Score
0.08%
Published
2021-12-26
Updated
2022-01-05
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. commit_hook has a use-after-free.
Max CVSS
7.5
EPSS Score
0.08%
Published
2021-12-26
Updated
2022-01-05
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_collation has a use-after-free.
Max CVSS
7.5
EPSS Score
0.08%
Published
2021-12-26
Updated
2022-01-06
1942 vulnerabilities found