CVE-2021-38105

IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. This is different from CVE-2021-38102. (CVSS:0.0) (Last Update:2021-10-01)

September 30th, 2021 | CVE Details

CVE-2021-38101

CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. This is different from CVE-2021-38099. (CVSS:0.0) (Last Update:2021-10-01)

September 30th, 2021 | CVE Details

CVE-2021-33626

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the PnpSmm, SmmResourceCheckDxe, and BeepStatusCode drivers are 05.08.23, 05.16.23, 05.26.23, 05.35.23, 05.43.23, and 05.51.23 (for Kernel 5.0 through 5.5). (CVSS:0.0) (Last Update:2021-10-01)

September 30th, 2021 | CVE Details

CVE-2021-38098

Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. (CVSS:0.0) (Last Update:2021-10-01)

September 30th, 2021 | CVE Details

CVE-2021-34352

A command injection vulnerability has been reported to affect QNAP devices running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later. (CVSS:0.0) (Last Update:2021-10-01)

September 30th, 2021 | CVE Details

CVE-2021-36309

Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACSRadius credentials stored to read sensitive information and use it in further attacks. (CVSS:4.0) (Last Update:2021-10-08)

September 30th, 2021 | Gain Information

CVE-2021-38110

Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file. (CVSS:0.0) (Last Update:2021-10-01)

September 30th, 2021 | CVE Details

CVE-2021-38100

Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. (CVSS:0.0) (Last Update:2021-10-01)

September 30th, 2021 | CVE Details

CVE-2021-34354

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 (2021/09/01) and later. (CVSS:0.0) (Last Update:2021-10-01)

September 30th, 2021 | CVE Details

CVE-2021-38102

IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. This is different from CVE-2021-38105. (CVSS:0.0) (Last Update:2021-10-01)

September 30th, 2021 | CVE Details