CVE-2021-33019

A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

CVE-2021-33226

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input...

CVE-2021-33626

A vulnerability exists in SMM System Management Mode branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointerQWORD values for CommBuffer. This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code executio...

CVE-2021-33949

An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function...

CVE-2021-33204

In the pgpartman aka PG Partition Manager extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set...

CVE-2021-33362

Stack buffer overflow in the hevcparsevpsextension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file...

CVE-2021-33353

Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting...

CVE-2021-33852

A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or th...

CVE-2021-33007

A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code...

CVE-2021-33304

Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/picofragments.c in function picofragmentsreassemble, allows attackers to execute arbitrary code...

CVE-2021-33728

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this...

CVE-2021-33971

Qihoo 360 https://www.360.cn/ Qihoo 360 Safeguard https://www.360.cn/ Qihoo 360 Total Security http://www.360totalsecurity.com/ is affected by: Buffer Overflow. The impact is: execute arbitrary code local. The component is: This is a set of vulnerabilities affecting popular software, "360...

CVE-2021-28954

In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository...

CVE-2021-28300

NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service DoS by uploading a malicious MP4 file...

CVE-2021-28832

VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration...

CVE-2021-31624

Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.196318, and AC9 V3.0 V15.03.06.42multi, allows attackers to execute arbitrary code via the urls parameter...

CVE-2021-31255

Buffer overflow in the abstboxread function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file...

CVE-2021-31448

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVE-2021-31746

Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution...

CVE-2021-22639

An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite versions prior to 4.0.10.0...