227 matches found
CVE-2021-38402
Delta Electronic DOPSoft 2 Version 2.00.07 and prior lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to...
Stack overflow
Delta Electronic DOPSoft 2 Version 2.00.07 and prior lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to...
CVE-2021-38402
Delta Electronics DOPSoft 2 (version ≤ 2.00.07) is affected by CVE-2021-38402 due to improper validation of user-supplied data when parsing certain project files, causing a stack-based buffer overflow in font string handling. This can allow arbitrary code execution in the current process. Public ...
CVE-2021-38402 Delta Electronics DOPSoft 2 Stack-Based Buffer Overflow
Delta Electronic DOPSoft 2 Version 2.00.07 and prior lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to...
USN-5051-1 openssl vulnerabilities
John Ouyang discovered that OpenSSL incorrectly handled decrypting SM2 data. A remote attacker could use this issue to cause applications using OpenSSL to crash, resulting in a denial of service, or possibly change application behaviour. CVE-2021-3711 Ingo Schwarze discovered that OpenSSL...
CVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...
Rust 安全漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust. Allows an attacker to execute arbitrary code via a pattern designed with interest, because because string.c dsfgetstr dsfgetstr would write out-of-bounds...
USN-5030-1: Perl DBI module vulnerabilities
It was discovered that the Perl DBI module incorrectly opened files outside of the folder specified in the data source name. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2014-10402 It was discovered that the Perl DBI module incorrectly handled certain long...
OESA-2021-1219 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...
CVE-2021-25831
A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote...
CVE-2021-25830
A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote...
Design/Logic Flaw
A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote...
Design/Logic Flaw
A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote...
CVE-2020-26992
A vulnerability has been identified in JT2Go All versions V13.1.0, Teamcenter Visualization All versions V13.1.0. Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during fon...
Stack overflow
A vulnerability has been identified in JT2Go All versions V13.1.0, Teamcenter Visualization All versions V13.1.0. Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during fon...
ImageMagick code issue vulnerability (CNVD-2021-25965)
Imagemagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio Imagemagick Studio, an American company. The software can read, convert or write images in many formats. A security vulnerability exists in ImageMagick versions prior to 7.0.9-0, which stems...
Design/Logic Flaw
TIFFGetProfiles in /coders/tiff.c calls strstr which causes a large out-of-bounds read when it searches for "dc:format="image/dng" within profile due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to...
CVE-2020-25667
TIFFGetProfiles in /coders/tiff.c calls strstr which causes a large out-of-bounds read when it searches for "dc:format="image/dng" within profile due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to...
CVE-2020-25667
TIFFGetProfiles in /coders/tiff.c calls strstr which causes a large out-of-bounds read when it searches for "dc:format="image/dng" within profile due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to...
qt5 security update
CentOS Errata and Security Advisory CESA-2020:4025 An update for qt5-qtbase is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...