87 matches found
CVE-2021-38449
Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, an attacker could rewrite the memory in any location of the affected product...
CVE-2021-38453
Some API functions allow interaction with the registry, which includes reading values as well as data modification...
CVE-2021-38463
The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions...
Design/Logic Flaw
There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files...
Code injection
Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, an attacker could rewrite the memory in any location of the affected product...
Input validation
Some API functions allow interaction with the registry, which includes reading values as well as data modification...
Design/Logic Flaw
There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files...
Design/Logic Flaw
The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions...
CVE-2021-38449
CVE-2021-38449 affects AUVESY Versiondog. The vulnerability stems from by-design writing or copying data into a buffer controlled by the client, enabling memory rewrite in the affected product. It is rated CVSS v3.1 base 9.8 (NETWORK, LOWATTACK, NONE privileges, HIGH confidentiality/integrity/ava...
CVE-2021-38463 AUVESY Versiondog
The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions...
AUVESY Versiondog Resource Management Error Vulnerability (CNVD-2021-82931)
AUVESY Versiondog is an automated production data and change management software solution from AUVESY Germany. a resource management error vulnerability exists in AUVESY Versiondog, which can be exploited by attackers to allocate unlimited memory buffers using API functions...
AUVESY Versiondog out-of-bounds write vulnerability
An out-of-bounds write vulnerability exists in AUVESY Versiondog, an automated production data and change management software solution from AUVESY Germany, which could be exploited by attackers to manipulate API functions by writing arbitrary data to the resolved address of the original pointer...
CVE-2021-38431
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users...
CVE-2021-38431
CVE-2021-38431 affects Advantech WebAccess SCADA (WebAccess/SCADA) versions 9.0.3 and earlier. An authenticated user can use API functions to disclose project names and paths from other users due to a missing authorization issue (CWE-862). The CVSS v3 base score is 4.3 (Network, Low attack comple...
CVE-2021-38431 Advantech WebAccess SCADA
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users...
Insecure Access Control
shinobi uses insecure access controls. An attacker is able to access the User/Admin/Super API functions through the use of JS Proto Method names held in an internal JS Object and trick the System into accepting supplied API Key that exists in the underlying JS object...
Design/Logic Flaw
An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names such as constructor or hasOwnProperty to convince the System that the supplied API Key exists...
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in WriteTableFromStructure
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...
Microsoft Font Subsetting - DLL Heap Corruption in ReadTableIntoStructure
Microsoft Font Subsetting - DLL Heap Corruption in ReadTableIntoStructure -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs...
REDDOXX Appliance Information Disclosure
Advisory: Information Disclosure in REDDOXX Appliance RedTeam Pentesting discovered an Information Disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to gain information about the internal network the appliance is part of. Details ======= Product:...