2019 matches found
CVE-2021-45979
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API...
Out-of-bounds
An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. Unchecked input data from a crafted TIF file leads to an out-of-bounds read. An attacker can leverage this vulnerability...
CVE-2021-36336
Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system...
Security Bulletin: Log4JShell Vulnerability affects Watson Knowledge Catalog InstaScan (CVE-2021-44228)
Summary There is a vulnerability in the version of Apache Log4j that was included in Watson Knowledge Catalog InstaScan. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...
Bentley View JT File Parsing Stack Buffer Overflow Remote Code Execution Vulnerability
Bentley View is a free viewer from Bentley Systems, Inc. Bentley View JT file parsing stack buffer overflow remote code execution vulnerability is due to failure to properly validate the length of user-supplied data before copying it to the stack buffer. An attacker could exploit this vulnerabili...
CVE-2021-44437
A vulnerability has been identified in JT Utilities All versions V13.1.1.0, JTTK All versions V11.1.1.0. JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execu...
Bentley View J2K File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability
Bentley View is a free viewer from Bentley Systems, Inc. A security vulnerability exists in the Bentley View J2K file parser, which can be exploited by attackers to execute code in the context of the current process...
Bentley View DGN File Parsing Stack Buffer Overflow Vulnerability
Bentley View is a free viewer from Bentley Systems, Inc. A stack buffer overflow vulnerability exists in Bentley View DGN file parsing, which stems from a lack of proper validation of the length of user-supplied data before it is copied to the heap buffer in DGN file parsing. An attacker could...
Autodesk Navisworks code issue vulnerability
Autodesk Navisworks is a 3D model review software for architecture, engineering and construction from Autodesk, Inc. A code issue vulnerability exists in Autodesk Navisworks, which can be exploited by attackers to execute code via a maliciously crafted DLL file...
Bentley View J2K File Parsing Memory Misreference Vulnerability
Bentley View is a free viewer from Bentley Systems, Inc. A memory mis-reference vulnerability exists in Bentley View J2K File Parsing, which results from not verifying the existence of an object prior to J2K File Parsing. An attacker could exploit this vulnerability to execute code in the context...
CVE-2021-20045
CVE-2021-20045 is a buffer overflow vulnerability in SonicWall SMA100 series, specifically the sonicfiles RAC_COPY_TO (RacNumber 36) method, that allows a remote unauthenticated attacker to execute code as the nobody user on SMA 200, 210, 400, 410 and 500v appliances. Connected sources confirm af...
CVE-2021-20043
A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances...
CVE-2021-20038
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware...
Fortinet FortiWeb Buffer Error Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A buffer overflow vulnerability exists that...
An out-of-bounds write vulnerability in the Adobe Photoshop Elements graphics editor allows an attacker to execute arbitrary code.
The vulnerability in Adobe Photoshop Elements is an out-of-bounds write in memory. Exploiting it allows an attacker to execute arbitrary code in the context of the current user, using a specially crafted file...
An out-of-bounds write vulnerability in Adobe Animate, software for creating multimedia and computer animations, allows attackers to execute arbitrary code.
The vulnerability in Adobe Animate, a program for creating multimedia and computer animations, is an out-of-bounds write in memory. Exploiting it allows an attacker to execute arbitrary code in the context of the current user, using a specially crafted .bmp...
CVE-2021-44047
A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end ...
elecom lan Cross-Site Scripting Vulnerability
elecom lan is a router from Elecom Japan. A cross-site scripting vulnerability exists in elecom lan that stems from insufficient sanitization of user-supplied data. An authenticated, remote attacker could trick a victim into visiting specially crafted links within the context of a vulnerable website...
A vulnerability in the Google Chrome browser's media component that allows an attacker to execute arbitrary code.
The vulnerability in the Google Chrome browser's media component is a use-after-free. Exploiting it allows a remote attacker to execute arbitrary code through a specially crafted web page...
Design/Logic Flaw
A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the...