Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23935 | 1 Student Management System Project | 1 Student Management System | 2021-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)". | |||||
| CVE-2020-5741 | 2 Microsoft, Plex | 2 Windows, Media Server | 2021-12-14 | 6.5 MEDIUM | 7.2 HIGH |
| Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. | |||||
| CVE-2019-13358 | 1 Opencats | 1 Opencats | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format. | |||||
| CVE-2018-1000036 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2021-12-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. | |||||
| CVE-2018-10289 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2021-12-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file. | |||||
| CVE-2017-6166 | 1 F5 | 11 Big-ip Afm, Big-ip Analytics, Big-ip Apm and 8 more | 2021-12-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device. | |||||
| CVE-2016-10247 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2021-12-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | |||||
| CVE-2016-10246 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2021-12-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | |||||
| CVE-2021-39200 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2021-12-14 | 4.3 MEDIUM | 5.3 MEDIUM |
| WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix. | |||||
| CVE-2021-29630 | 1 Freebsd | 1 Freebsd | 2021-12-14 | 7.6 HIGH | 8.1 HIGH |
| In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code. | |||||
| CVE-2021-29631 | 1 Freebsd | 1 Freebsd | 2021-12-14 | 7.2 HIGH | 7.8 HIGH |
| In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious guest may cause the device model to operate on uninitialized I/O vectors leading to memory corruption, crashing of the bhyve process, and possibly arbitrary code execution in the bhyve process. | |||||
| CVE-2021-28696 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2021-12-14 | 4.6 MEDIUM | 6.8 MEDIUM |
| IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696). | |||||
| CVE-2021-28695 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2021-12-14 | 4.6 MEDIUM | 6.8 MEDIUM |
| IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696). | |||||
| CVE-2021-42771 | 2 Debian, Pocoo | 2 Debian Linux, Babel | 2021-12-14 | 7.2 HIGH | 7.8 HIGH |
| Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. | |||||
| CVE-2021-39201 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2021-12-14 | 3.5 LOW | 5.4 MEDIUM |
| WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. ### Impact The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions imposed on users who do not have the permission to post `unfiltered_html`. ### Patches This has been patched in WordPress 5.8, and will be pushed to older versions via minor releases (automatic updates). It's strongly recommended that you keep auto-updates enabled to receive the fix. ### References https://wordpress.org/news/category/releases/ https://hackerone.com/reports/1142140 ### For more information If you have any questions or comments about this advisory: * Open an issue in [HackerOne](https://hackerone.com/wordpress) | |||||
| CVE-2021-34556 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2021-12-14 | 2.1 LOW | 5.5 MEDIUM |
| In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. | |||||
| CVE-2016-1247 | 4 Canonical, Debian, F5 and 1 more | 4 Ubuntu Linux, Debian Linux, Nginx and 1 more | 2021-12-14 | 7.2 HIGH | 7.8 HIGH |
| The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. | |||||
| CVE-2016-6457 | 1 Cisco | 19 Application Policy Infrastructure Controller, Nexus 92160yc-x, Nexus 92304qc and 16 more | 2021-12-14 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability affects Cisco Nexus 9000 Series Leaf Switches (TOR) - ACI Mode and Cisco Application Policy Infrastructure Controller (APIC). More Information: CSCuy93241. Known Affected Releases: 11.2(2x) 11.2(3x) 11.3(1x) 11.3(2x) 12.0(1x). Known Fixed Releases: 11.2(2i) 11.2(2j) 11.2(3f) 11.2(3g) 11.2(3h) 11.2(3l) 11.3(0.236) 11.3(1j) 11.3(2i) 11.3(2j) 12.0(1r). | |||||
| CVE-2021-33720 | 1 Siemens | 3 Siprotec 5 With Cpu Variant Cp050, Siprotec 5 With Cpu Variant Cp100, Siprotec 5 With Cpu Variant Cp300 | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition. | |||||
| CVE-2021-28705 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2021-12-14 | 6.9 MEDIUM | 7.8 HIGH |
| issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.) | |||||
| CVE-2021-41281 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2021-12-14 | 4.3 MEDIUM | 7.5 HIGH |
| Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. The last 2 directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact. Homeservers with the media repository disabled are unaffected. Homeservers with a federation whitelist are also unaffected, since Synapse will check the remote hostname, including the trailing `../`s, against the whitelist. Server administrators should upgrade to 1.47.1 or later. Server administrators using a reverse proxy could, at the expense of losing media functionality, may block the certain endpoints as a workaround. Alternatively, non-containerized deployments can be adapted to use the hardened systemd config. | |||||
| CVE-2021-44079 | 1 Wazuh | 1 Wazuh | 2021-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. | |||||
| CVE-2021-37173 | 1 Siemens | 20 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Rx1400 and 17 more | 2021-12-14 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device. | |||||
| CVE-2021-33059 | 1 Intel | 1 Administrative Tools For Intel Network Adapters | 2021-12-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows before version 1.4.0.15, may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33058 | 1 Intel | 1 Administrative Tools For Intel Network Adapters | 2021-12-14 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in the installer Intel(R)Administrative Tools for Intel(R) Network Adaptersfor Windowsbefore version 1.4.0.21 may allow an unauthenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0200 | 1 Intel | 22 Ethernet Controller V710-at2, Ethernet Controller V710-at2 Firmware, Ethernet Controller X710-am2 and 19 more | 2021-12-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers before version 8.2 may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-0199 | 1 Intel | 6 Ethernet Network Controller E810-cam1, Ethernet Network Controller E810-cam1 Firmware, Ethernet Network Controller E810-cam2 and 3 more | 2021-12-14 | 2.1 LOW | 4.4 MEDIUM |
| Improper input validation in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.6.0.6 may allow a privileged user to potentially enable a denial of service via local access. | |||||
| CVE-2021-37206 | 1 Siemens | 3 Siprotec 5 With Cpu Variant Cp050, Siprotec 5 With Cpu Variant Cp100, Siprotec 5 With Cpu Variant Cp300 | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device. | |||||
| CVE-2021-40096 | 1 Squaredup | 1 Squaredup | 2021-12-14 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations. | |||||
| CVE-2020-12387 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2021-12-14 | 6.8 MEDIUM | 8.1 HIGH |
| A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | |||||
| CVE-2021-39316 | 1 Digitalzoomstudio | 1 Zoomsounds | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter. | |||||
| CVE-2021-33098 | 1 Intel | 4 Ethernet 500 Series Controllers Driver, Ethernet Connection X540, Ethernet Connection X550 and 1 more | 2021-12-14 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2021-20214 | 1 Privoxy | 1 Privoxy | 2021-12-14 | 7.8 HIGH | 7.5 HIGH |
| A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash. | |||||
| CVE-2021-20213 | 1 Privoxy | 1 Privoxy | 2021-12-14 | 4.3 MEDIUM | 7.5 HIGH |
| A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed. | |||||
| CVE-2021-20212 | 1 Privoxy | 1 Privoxy | 2021-12-14 | 7.8 HIGH | 7.5 HIGH |
| A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash. | |||||
| CVE-2021-20215 | 1 Privoxy | 1 Privoxy | 2021-12-14 | 7.8 HIGH | 7.5 HIGH |
| A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash. | |||||
| CVE-2021-20209 | 1 Privoxy | 1 Privoxy | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured. | |||||
| CVE-2021-20217 | 1 Privoxy | 1 Privoxy | 2021-12-14 | 7.8 HIGH | 7.5 HIGH |
| A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-20216 | 1 Privoxy | 1 Privoxy | 2021-12-14 | 7.8 HIGH | 7.5 HIGH |
| A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-44436 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2021-12-14 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14905) | |||||
| CVE-2021-20275 | 2 Debian, Privoxy | 2 Debian Linux, Privoxy | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service. | |||||
| CVE-2021-20274 | 1 Privoxy | 1 Privoxy | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves. | |||||
| CVE-2021-20211 | 1 Privoxy | 1 Privoxy | 2021-12-14 | 7.8 HIGH | 7.5 HIGH |
| A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash. | |||||
| CVE-2021-22568 | 1 Dart | 1 Dart Software Development Kit | 2021-12-14 | 6.0 MEDIUM | 8.8 HIGH |
| When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Using these obtained credentials, an attacker can impersonate the user on pub.dev. We recommend upgrading past https://github.com/dart-lang/sdk/commit/d787e78d21e12ec1ef712d229940b1172aafcdf8 or beyond version 2.15.0 | |||||
| CVE-2021-44435 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2021-12-14 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14903) | |||||
| CVE-2021-44430 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2021-12-14 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14829) | |||||
| CVE-2021-44433 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2021-12-14 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains a use after free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14900) | |||||
| CVE-2021-44449 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2021-12-14 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14830) | |||||
| CVE-2021-44448 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2021-12-14 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14843, ZDI-CAN-15051) | |||||
| CVE-2021-44447 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2021-12-14 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14911) | |||||