CVE Notify
19.3K subscribers
4 photos
206K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
๐Ÿšจ CVE-2021-27590
When a user opens manipulated Tag Image File Format (.TIFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-27588
When a user opens manipulated HPGL format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-27586
When a user opens manipulated Interchange File Format (.IFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-27587
When a user opens manipulated Jupiter Tessellation (.JT) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-27585
When a user opens manipulated Computer Graphics Metafile (.CGM) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-21493
When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-26862
Windows Installer Elevation of Privilege Vulnerability

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-26873
Windows User Profile Service Elevation of Privilege Vulnerability

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-7552
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-13160
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-7551
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-7553
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-21118
Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-29443
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-20247
A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-17380
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-8021
a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2019-0233
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-8020
A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-21311
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.

๐ŸŽ–@cveNotify