Microsoft VP9 Video Extensions Remote Code Execution [CVE-2021-31967]

A vulnerability was found in Microsoft VP9 Video Extensions (the affected version unknown). It has been classified as critical. Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Description:

VP9 Video Extensions Remote Code Execution Vulnerability.

Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  
Base Score: 8.8 (HIGH) | Impact Score: 5.9 | Exploitability Score: 2.8 

Vector:  (AV:N/AC:M/Au:N/C:P/I:P/A:P) 
Base Score: 6.8 (MEDIUM) | Impact Score: 6.4 | Exploitability Score: 8.6

Exploitation vector: Network

Vulnerable software versions

VP9 Video Extensions: All versions

Mitigation

Install updates from vendor’s website.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2025-23208 : ZOT UP TO 2.1.1 API SETUSERGROUPS PRIVILEGES MANAGEMENT

CVE-2025-23208 : ZOT UP TO 2.1.1 API SETUSERGROUPS PRIVILEGES MANAGEMENT

Description zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db)

CVE-2024-12867 : ARCTIC SECURITY ARCTIC HUB UP TO 5.5.1872 CONFIGURATION SERVER-SIDE REQUEST FORGERY

CVE-2024-12867 : ARCTIC SECURITY ARCTIC HUB UP TO 5.5.1872 CONFIGURATION SERVER-SIDE REQUEST FORGERY

Description Server-Side Request Forgery in URL Mapper in Arctic Security’s Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to

CVE-2024-12840 : RED HAT SATELLITE HTTP PROXY SERVER-SIDE REQUEST FORGERY

CVE-2024-12840 : RED HAT SATELLITE HTTP PROXY SERVER-SIDE REQUEST FORGERY

Description A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with