Security Vulnerabilities - CVEs Published In 2021
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.
CVSS Score: 5.5 | EPSS Score: 0.002 | Published: 2021-12-22
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerabilities exist in multiple files in Time Tracker version 1.19.33.5606 and prior because the "group" and "status" parameters in POST requests are not properly checked. The group parameter is posted when navigating between organizational subgroups (groups.php file). The status parameter is used in multiple files to change the status of an entity, such as making a project, task, or user inactive. This issue has been patched in version 1.19.33.5607. An upgrade is highly recommended. If an upgrade is not practical, introduce the ttValidStatus function as in the latest version and start using it in user input check blocks wherever the status field is used. For the groups.php fix, introduce the ttValidInteger function as in the latest version and use it in the access check block in the file.
CVSS Score: 8.1 | EPSS Score: 0.003 | Published: 2021-12-22
A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2021-12-21
A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function in gpac 1.1.0-DEV, which causes a segmentation fault and application crash.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2021-12-21
An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2021-12-21
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2021-12-21
A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2021-12-21
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2021-12-21
An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2021-12-21
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2021-12-21

