CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26984 – Siemens JT2Go JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26984
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11972) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0). • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-051 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26983 – Siemens JT2Go PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26983
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11900) Se ha identificado una vulnerabilidad en JT2Go (todas las versiones anteriores a V13.1.0), Teamcenter Visualization (todas las versiones anteriores a V13.1.0). • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-054 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26988 – Siemens JT2Go PAR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26988
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11891) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0). • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-049 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 8%CPEs: 2EXPL: 0CVE-2020-26985 – Siemens JT2Go RGB and SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26985
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11986, ZDI-CAN-11994) Se ha identificado una vulnerabilidad en JT2Go (todas las versiones anteriores a V13.1.0), Teamcenter Visualization (todas las versiones anteriores a V13.1.0). • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-056 https://www.zerodayinitiative.com/advisories/ZDI-21-058 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 8%CPEs: 2EXPL: 0CVE-2020-26987 – Siemens JT2Go TGA File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26987
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016, ZDI-CAN-12017) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0). • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-059 https://www.zerodayinitiative.com/advisories/ZDI-21-061 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •