21 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2021-45046
Technical details for CVE-2021-45046 are not publicly provided in the supplied documents. Monitor for updates from official advisories; sources here reference fixes for other Log4j CVEs but do not specify 45046 specifics.
CVE-2021-25178
Open Design Alliance Drawings SDK (pre-2021.12) contains a stack-based buffer overflow when parsing DXF/DWG files, CVE-2021-25178. This vulnerability could allow code execution or crash/DoS in affected deployments. Connected advisories (ICS/CISA) specify the affected Drawings SDK versions and ide...
CVE-2021-25173
CVE-2021-25173 affects the Open Design Alliance Drawings SDK prior to 2021.12. The vulnerability is a memory allocation with excessive size when parsing malformed DGN files, which can cause a crash and potentially enable denial of service. Multiple connected advisories confirm the impact and prov...
CVE-2021-25177
Open Design Alliance Drawings SDK before 2021.11 contains a Type Confusion vulnerability when rendering malformed DXF/DWG files, leading to crashes or denial-of-service conditions. Public sources (including ICSA-21-047-01 and NVD/NV D equivalents) corroborate the issue and map this CVE to a type-...
CVE-2021-25174
CVE-2021-25174 affects the Open Design Alliance Drawings SDK prior to 2021.12. A memory corruption vulnerability occurs when parsing malformed DGN files, potentially causing a crash or denial of service. The issue is mitigated by upgrading to Drawings SDK 2021.12 or later (as per Siemens/Open Des...
CVE-2021-25176
CVE-2021-25176 affects the Open Design Alliance Drawings SDK. It is a NULL pointer/untrusted pointer dereference when parsing malformed DXF/DWG files, leading to crashes and potential denial-of-service (with some sources indicating possible code execution). Affected versions are prior to 2021.11/...
CVE-2021-25175
CVE-2021-25175 affects the Open Design Alliance Drawings SDK prior to 2021.11. It is a UNTRUSTED POINTER DEREFERENCE vulnerability that occurs while parsing DXF/DWG files, potentially allowing remote code execution in the context of the affected process. Public advisories (ZDI) describe remote co...
CVE-2021-32948
CVE-2021-32948 describes an out-of-bounds write in the DWG file-reading procedure of the Open Design Alliance Drawings SDK (prior to 2022.4), caused by insufficient validation of user-supplied data. This can write past the end of an allocated buffer and may lead to denial of service or code execu...
CVE-2021-32936
CVE-2021-32936 is an out-of-bounds write in the Open Design Alliance Drawings SDK (prior to 2022.4) during parsing of DXF files, caused by insufficient validation of user-supplied data. This can write past the end of an allocated buffer, enabling denial-of-service or arbitrary code execution in t...
CVE-2021-32944
Summary: CVE-2021-32944 is a use-after-free vulnerability in the Open Design Alliance Drawings SDK (DGN file-reading path) affecting all versions prior to 2022.4, caused by insufficient validation of user-supplied data, leading to memory corruption and potential code execution or DoS. The issue i...
CVE-2021-32950
CVE-2021-32950 concerns the Open Design Alliance Drawings SDK DXF parsing. The issue is an out-of-bounds read when processing DXF files in all versions before 2022.4, caused by insufficient validation of untrusted input. This can lead to reading beyond an allocated buffer and may enable denial-of...
CVE-2021-31784
CVE-2021-31784 describes an out-of-bounds write in Open Design Alliance Drawings SDK prior to 2021.6 during file parsing (DXF/DGN). The issue can crash the process or enable code execution in the context of the current process, with some sources noting potential remote code execution when process...
CVE-2021-32938
CVE-2021-32938 affects the Open Design Alliance Drawings SDK (prior to 2022.4). The vulnerability is an out-of-bounds read when parsing DWG files, caused by insufficient validation of user-supplied data. This can lead to reading past the end of an allocated buffer and may enable denial-of-service...
CVE-2021-32940
CVE-2021-32940 is an out-of-bounds read in the Open Design Alliance Drawings SDK DWG file-recovering procedure, affecting all versions prior to 2022.5. The issue stems from improper validation of user-supplied data and can cause a read past the end of an allocated buffer, enabling denial-of-servi...
CVE-2021-32946
CVE-2021-32946 affects Siemens/Open Design Alliance Drawings SDK parsing of DGN files (Versions 2022.4 and earlier). Root cause: improper validation of user-supplied data in the Drawings SDK parsing path, leading to out-of-bounds conditions that may cause denial-of-service or code execution in th...
CVE-2021-32952
The CVE-2021-32952 entry concerns the Open Design Alliance Drawings SDK (DGN file-reading procedure) with versions up to 2022.4. Root cause: an out-of-bounds write due to insufficient validation of user-supplied data, enabling a write past the end of an allocated buffer. Impact: denial-of-service...
CVE-2023-43505
CVE-2023-43505 affects Siemens COMOS (all versions) with an impaired access-control mechanism on SMB shares, enabling an attacker to access files beyond the user’s rights. The root cause is improper SMB access control in COMOS. Impact is high for confidentiality (C:H) with network access and low ...
CVE-2023-46601
Summary of CVE-2023-46601 : Siemens COMOS (All versions) is affected by an access control vulnerability in the SQLServer connection path, enabling an attacker to query the database and access information beyond the user’s rights. The issue is described across multiple feeds as an improper access ...
CVE-2023-43503
CVE-2023-43503 affects Siemens COMOS (All versions
CVE-2023-43504
Siemens COMOS is affected (all versions