Security Vulnerabilities - CVEs Published In 2021
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
CVSS Score: 5.5
EPSS Score: 0.004
Published: 2021-12-22
An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2021-12-22
An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application crash.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2021-12-22
A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2021-12-22
An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2021-12-22
PJSIP is a free and open source multimedia communication library written in the C language implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions, if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.
CVSS Score: 7.3
EPSS Score: 0.001
Published: 2021-12-22
Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2021-12-22
In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2021-12-22
Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2021-12-22
In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2021-12-22

