CVE-2021-44008

A vulnerability has been identified in JT2Go All versions V13.2.0.5, Teamcenter Visualization All versions V13.2.0.5. The TiffLoader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak...

Bentley View JT File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability

Bentley View is a free viewer from Bentley Systems, Inc. A security vulnerability exists in Bentley View JT file parsing, which can be exploited by attackers to execute code in the context of the current process...

Adobe Dimension 缓冲区错误漏洞

Adobe Dimension is a set of 2D and 3D composite design tools from Adobe, Inc. An out-of-bounds write vulnerability exists in Adobe Dimension, which can be exploited by attackers to cause arbitrary code to be executed in the context of the current user...

Adobe Media Encoder 缓冲区错误漏洞

Adobe Media Encoder, an audio and video encoding application from Adobe, is vulnerable to a memory corruption vulnerability that could be exploited by attackers to execute arbitrary code in the context of the current user...

Adobe Dimension 缓冲区错误漏洞

Adobe Dimension is a set of 2D and 3D composite design tools from Adobe, Inc. An out-of-bounds write vulnerability exists in Adobe Dimension, which can be exploited by attackers to cause arbitrary code to be executed in the context of the current user...

Adobe Dimension 缓冲区错误漏洞

Adobe Dimension is a set of 2D and 3D composite design tools from Adobe, Inc. A memory corruption vulnerability exists in Adobe Dimension, which can be exploited by attackers to cause arbitrary code to be executed in the context of the current user...

Bentley View JT File Parsing Memory Corruption Remote Code Execution Vulnerability

Bentley View is a free viewer from Bentley Systems, Inc. A security vulnerability exists in Bentley View JT file parsing, which is caused by a lack of proper validation of user-supplied data and can be exploited by an attacker to execute code in the context of the current process...

CVE-2021-24925

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the currentmonthdivider parameter of its meclistloadmore AJAX call available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site...

Bentley View Buffer Overflow Vulnerability (CNVD-2021-101860)

Bentley View is a free viewer from Bentley Systems, U.S.A. Bentley View is vulnerable to a buffer overflow vulnerability that stems from a boundary error when processing JT files. An attacker could exploit this vulnerability to execute code in the context of the current process...

Bentley View BMP File Parsing Stack Buffer Overflow Vulnerability

Bentley View, a free viewer from Bentley Systems, Inc. A stack buffer overflow vulnerability exists in Bentley View BMP file parsing, which is due to a failure to properly validate the length of user-supplied data before copying it to the heap buffer. An attacker could exploit this vulnerability ...

Bentley View JT File Memory Misreference Vulnerability

Bentley View is a free viewer from Bentley Systems, Inc. Bentley View is vulnerable to a memory misreference vulnerability that results from not verifying the existence of an object before performing an operation on it. An attacker could exploit this vulnerability to execute code in the context o...

Bentley View J2K File Parsing Memory Misreference Vulnerability

Bentley View is a free viewer from Bentley Systems, Inc. A memory mis-reference vulnerability exists in Bentley View J2K File Parsing, which results from not verifying the existence of an object prior to J2K File Parsing. An attacker could exploit this vulnerability to execute code in the context...

CVE-2021-25521

Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet...

CVE-2021-25521

Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet...

Code injection

Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet...

GHSA-WJQC-J537-J9GJ Command injection in git-it-electron

Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name which is not sanitized for execution...

Bentley View DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT...

Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT...

Bentley View JT File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT...