# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-34748 |
787 |
|
Exec Code |
2022-07-12 |
2022-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17293) |
2 |
CVE-2022-34465 |
125 |
|
Exec Code |
2022-07-12 |
2022-10-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.250), Parasolid V34.1 (All versions < V34.1.233), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15420) |
3 |
CVE-2022-34289 |
787 |
|
Exec Code |
2022-07-12 |
2022-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-054) |
4 |
CVE-2022-34286 |
787 |
|
Exec Code |
2022-07-12 |
2022-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-051) |
5 |
CVE-2022-34284 |
787 |
|
Exec Code |
2022-07-12 |
2022-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-049) |
6 |
CVE-2022-34281 |
125 |
|
Exec Code |
2022-07-12 |
2022-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-046) |
7 |
CVE-2022-34280 |
125 |
|
Exec Code |
2022-07-12 |
2022-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-045) |
8 |
CVE-2022-34279 |
125 |
|
Exec Code |
2022-07-12 |
2022-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-044) |
9 |
CVE-2022-34278 |
125 |
|
Exec Code |
2022-07-12 |
2022-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-043) |
10 |
CVE-2022-34277 |
125 |
|
Exec Code |
2022-07-12 |
2022-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-042) |
11 |
CVE-2022-34276 |
787 |
|
Exec Code |
2022-07-12 |
2022-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-041) |
12 |
CVE-2022-34275 |
787 |
|
Exec Code |
2022-07-12 |
2022-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-040) |
13 |
CVE-2022-34274 |
787 |
|
Exec Code |
2022-07-12 |
2022-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-039) |
14 |
CVE-2022-34273 |
787 |
|
Exec Code |
2022-07-12 |
2022-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-038) |
15 |
CVE-2022-34272 |
125 |
|
Exec Code |
2022-07-12 |
2022-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-037, FG-VD-22-059) |
16 |
CVE-2022-33139 |
603 |
|
|
2022-06-21 |
2022-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated. |
17 |
CVE-2022-32259 |
863 |
|
|
2022-06-14 |
2022-06-22 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration. |
18 |
CVE-2022-31619 |
798 |
|
Exec Code |
2022-06-14 |
2022-08-10 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions. |
19 |
CVE-2022-29033 |
824 |
|
Exec Code |
2022-05-20 |
2022-05-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. |
20 |
CVE-2022-29032 |
415 |
|
Exec Code |
2022-05-20 |
2022-05-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. |
21 |
CVE-2022-28663 |
787 |
|
Exec Code |
2022-04-12 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15592) |
22 |
CVE-2022-28661 |
125 |
|
Exec Code |
2022-04-12 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15114) |
23 |
CVE-2022-27653 |
787 |
|
Exec Code |
2022-05-20 |
2022-06-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15594) |
24 |
CVE-2022-25311 |
269 |
|
|
2022-03-08 |
2022-10-11 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEC NMS (All versions >= V1.0.3). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation. |
25 |
CVE-2022-24661 |
787 |
|
Exec Code Mem. Corr. |
2022-03-08 |
2022-03-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2022.1). The starview+.exe contains a memory corruption vulnerability while parsing specially crafted .SCE files. This could allow an attacker to execute code in the context of the current process. |
26 |
CVE-2022-24282 |
502 |
|
Exec Code |
2022-03-08 |
2022-10-11 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEC NMS (All versions >= V1.0.3). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges. |
27 |
CVE-2022-24281 |
89 |
|
Exec Code Sql |
2022-03-08 |
2022-12-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application. |
28 |
CVE-2022-23449 |
427 |
|
Exec Code |
2022-04-12 |
2022-04-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. |
29 |
CVE-2022-22827 |
190 |
|
Overflow |
2022-01-10 |
2022-10-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
30 |
CVE-2022-22826 |
190 |
|
Overflow |
2022-01-10 |
2022-10-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
31 |
CVE-2022-22825 |
190 |
|
Overflow |
2022-01-10 |
2022-10-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
32 |
CVE-2021-46699 |
787 |
|
Exec Code Overflow |
2022-02-22 |
2022-03-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15061) |
33 |
CVE-2021-46162 |
787 |
|
Exec Code |
2022-02-22 |
2022-04-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15048) |
34 |
CVE-2021-46161 |
787 |
|
Exec Code |
2022-02-09 |
2022-02-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15302) |
35 |
CVE-2021-46160 |
787 |
|
Exec Code |
2022-02-09 |
2022-02-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15286) |
36 |
CVE-2021-46159 |
787 |
|
Exec Code |
2022-02-09 |
2022-02-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15050) |
37 |
CVE-2021-46158 |
787 |
|
Exec Code Overflow |
2022-02-09 |
2022-02-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15085, ZDI-CAN-15289, ZDI-CAN-15602) |
38 |
CVE-2021-46157 |
119 |
|
Exec Code Overflow Mem. Corr. |
2022-02-09 |
2022-02-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14757) |
39 |
CVE-2021-46156 |
787 |
|
Exec Code |
2022-02-09 |
2022-02-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14684) |
40 |
CVE-2021-46155 |
787 |
|
Exec Code Overflow |
2022-02-09 |
2022-02-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14683, ZDI-CAN-15283, ZDI-CAN-15303, ZDI-CAN-15593) |
41 |
CVE-2021-46154 |
787 |
|
Exec Code Overflow |
2022-02-09 |
2022-02-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14646, ZDI-CAN-14679, ZDI-CAN-15084, ZDI-CAN-15304) |
42 |
CVE-2021-46153 |
119 |
|
Exec Code Overflow Mem. Corr. |
2022-02-09 |
2022-02-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14645, ZDI-CAN-15305, ZDI-CAN-15589, ZDI-CAN-15599) |
43 |
CVE-2021-46152 |
843 |
|
Exec Code |
2022-02-09 |
2022-02-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14643, ZDI-CAN-14644, ZDI-CAN-14755, ZDI-CAN-15183) |
44 |
CVE-2021-46151 |
787 |
|
Exec Code |
2022-02-09 |
2022-02-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14754, ZDI-CAN-15082) |
45 |
CVE-2021-46143 |
190 |
|
Overflow |
2022-01-06 |
2022-10-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. |
46 |
CVE-2021-44523 |
668 |
|
|
2021-12-14 |
2021-12-17 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries. |
47 |
CVE-2021-44450 |
125 |
|
+Info |
2021-12-14 |
2021-12-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15055, ZDI-CAN-14915, ZDI-CAN-14865) |
48 |
CVE-2021-44449 |
787 |
|
Exec Code |
2021-12-14 |
2021-12-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14830) |
49 |
CVE-2021-44447 |
416 |
|
Exec Code |
2021-12-14 |
2021-12-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14911) |
50 |
CVE-2021-44446 |
787 |
|
Exec Code |
2021-12-14 |
2021-12-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14828, ZDI-CAN-14898) |