CVE-2021-27604
In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration – Enterprise Service Repository JAVA Mappings), versions – 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note.
Source: CVE-2021-27604
CVE-2021-31152
Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers.
Source: CVE-2021-31152
CVE-2021-28300
NULL Pointer Dereference in the "isomedia/track.c" module’s "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.
Source: CVE-2021-28300
CVE-2021-29338
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
Source: CVE-2021-29338
CVE-2020-36120
Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).
Source: CVE-2020-36120
CVE-2021-26805
Buffer Overflow in the "add_a_user" function of tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file.
Source: CVE-2021-26805
CVE-2021-27288
Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page.
Source: CVE-2021-27288
CVE-2021-27114
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the"’s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address.
Source: CVE-2021-27114
CVE-2021-26832
Cross Site Scripting (XSS) in the "Reset Password" page form of Priority Enterprise Management System v8.00 allows attackers to execute javascript on behalf of the victim by sending a malicious URL or directing the victim to a malicious site.
Source: CVE-2021-26832
CVE-2021-27113
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters.
Source: CVE-2021-27113