Security Vulnerabilities - CVEs Published In December 2021
https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges (remote).
CVSS Score
6.5
EPSS Score
0.002
Published
2021-12-28
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.
CVSS Score
6.8
EPSS Score
0.001
Published
2021-12-28
A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call.
CVSS Score
6.4
EPSS Score
0.0
Published
2021-12-28
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
6.6
EPSS Score
0.001
Published
2021-12-28
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information
CVSS Score
4.3
EPSS Score
0.002
Published
2021-12-28
Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme. When Android apps are developed with Yappli versions since v7.3.6 and prior to v9.30.0, they are vulnerable to improper authorization in Custom URL Scheme handler, and may be directed to unintended sites via a specially crafted URL.
CVSS Score
8.1
EPSS Score
0.003
Published
2021-12-28
An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a for loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-12-28
An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a while loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-12-28
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-12-28
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-12-28