CVE-2021-33718
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications using Mendix 9 (All versions < V9.3.0). Write access checks of attributes of an object could be bypassed, if user has a write permissions to the first attribute of this object.
Source: CVE-2021-33718
CVE-2021-34291
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when
parsing GIF files. This could result in an out of bounds write past the end of an allocated structure.
An attacker could leverage this vulnerability to execute code in the context of the current process.
(ZDI-CAN-12956)
Source: CVE-2021-34291
CVE-2021-34294
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when
parsing GIF files. This could result in an out of bounds read past the end of an allocated buffer.
An attacker could leverage this vulnerability to execute code in the context of the current process.
(ZDI-CAN-13023
Source: CVE-2021-34294
CVE-2021-34301
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process.
(ZDI-CAN-13196)
Source: CVE-2021-34301
CVE-2021-34297
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when
parsing BMP files. This could result in an out of bounds write past the end of an allocated structure.
An attacker could leverage this vulnerability to execute code in the context of the current process.
(ZDI-CAN-13059)
Source: CVE-2021-34297
CVE-2021-34298
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process.
(ZDI-CAN-13060)
Source: CVE-2021-34298
CVE-2021-34299
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when
parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer.
An attacker could leverage this vulnerability to leak information in the context of the current process.
(ZDI-CAN-13192)
Source: CVE-2021-34299
CVE-2021-34300
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when
parsing TIFF files. This could result in an out of bounds write past the end of an allocated buffer.
An attacker could leverage this vulnerability to execute code in the context of the current process.
(ZDI-CAN-13194)
Source: CVE-2021-34300
CVE-2021-34296
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when
parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer.
An attacker could leverage this vulnerability to execute code in the context of the current process.
(ZDI-CAN-13057)
Source: CVE-2021-34296
CVE-2021-33713
A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.
Source: CVE-2021-33713