CWE:
 

Topic
Date
Author
High
Google SketchUp lib3ds 3DS Importer Memory Corruption
18.01.2010
CORE


CVEMAP Search Results

CVE
Details
Description
2021-10-22
Waiting for details
CVE-2021-38479

Updating...
 

 
Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. An attacker can manipulate API functions by writing arbitrary data into the resolved address of a raw pointer.

 
2021-10-21
Waiting for details
CVE-2021-41160

Updating...
 

 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.

 
Waiting for details
CVE-2021-41159

Updating...
 

 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.

 
2021-10-19
Medium
CVE-2021-30846

Vendor: Apple
Software: Safari
 

 
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.

 
Medium
CVE-2021-30832

Vendor: Apple
Software: Mac os x
 

 
A memory corruption issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges.

 
High
CVE-2021-30830

Vendor: Apple
Software: Mac os x
 

 
A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges.

 
2021-10-18
Medium
CVE-2021-38426

Vendor: Fatek
Software: Winproladder
 

 
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code.

 
Medium
CVE-2021-38389

Vendor: Advantech
Software: Webaccess
 

 
Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.

 
Medium
CVE-2021-33023

Vendor: Advantech
Software: Webaccess
 

 
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.

 
2021-10-15
Medium
CVE-2021-40731

Updating...
 

 
Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by an out-of-bounds write vulnerability when parsing a crafted JPEG2000 file, which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top