Page 5 of 27 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). Se detectó un problema en el SDK de dibujos de Open Design Alliance anterior a la versión 2021.11. Existe una derivación de puntero nulo al renderizar archivos .DXF y .DWG malformados. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-221 https://www.zerodayinitiative.com/advisories/ZDI-21-222 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). Se detectó un problema en el SDK de dibujos de Open Design Alliance anterior a la versión 2021.11. Existe un problema de confusión de tipos al renderizar archivos .DXF y .DWG malformados. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-219 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution. Se detectó un problema en Open Design Alliance Drawings SDK versiones anteriores a 2021.11. Se presenta una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria cuando la operación de recuperación se ejecuta con archivos .DXF y .DWG malformados. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-220 https://www.zerodayinitiative.com/advisories/ZDI-21-240 https://www.zerodayinitiative.com/advisories/ZDI-21-243 • CWE-787: Out-of-bounds Write •

CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 0

Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors. Siemens COMOS anterior a la versión 9.2.0.8.1, 10.0 anterior a 10.0.3.1.40, y 10.1 anterior a la versión 10.1.0.0.2 permite a usuarios locales obtener privilegios en la base de datos a través de vectores sin especificar. • http://secunia.com/advisories/56010 http://www.securityfocus.com/bid/64153 https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-568732.pdf • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access. La aplicación de cliente en Siemens COMOS anterior a v9.1 Update 458, v9.2 anterior a v9.2.0.6.37, y v10.0 anterior a v 10.0.3.0.19 permite a usuarios locales conseguir privilegios y evitar las restricciones de la base de datos de funcionamiento previstos, aprovechando el acceso al proyecto COMOS. • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-970879.pdf • CWE-264: Permissions, Privileges, and Access Controls •