(CVE-2021-0950) Android NFC [email protected] Writer mode Out-Of-Bounds Write leading to Information Disclosure

CVE: CVE-2021-0950 Tested Versions: RQ1A.210205.004 Product URL(s): https://www.android.com/ Description of the vulnerability An out-of-bounds write bug was found in nfc_nci_nxp.so. Specifically, in the file "hardware/nxp/nfc/halimpl/hal/phNxpNciHal_ext.cc", the function phNxpNciHal_write_ext does not properly validate the length of the supplied command before increasing it, which leads to a 3-byte overflow. This vulnerability can be turned into a read past the end of a global buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the NFC HIDL service....
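The pattern behind this bug, a fixed-size command buffer that is extended by 3 bytes without first checking how much room is left, is shown below as an added example. This is illustrative code written for this listing, not the NXP HAL's phNxpNciHal_write_ext; the buffer size, the extension bytes and the function names are assumptions. It puts the unchecked extension beside a checked form whose capacity test is ordered so the subtraction cannot wrap when the caller-supplied length already exceeds the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed buffer size, illustrative only (not the real HAL's layout). */
#define CMD_BUF_SIZE 258

/* A global command buffer, as in the advisory: writing past its end lands
 * in whatever global follows it, and that over-long length can later turn
 * into a read past the end of the buffer. */
static uint8_t g_cmd_buf[CMD_BUF_SIZE];

/* Constructed 3-byte extension appended to every command. */
static const uint8_t EXT_BYTES[3] = {0xAA, 0xBB, 0xCC};

/* How many bytes past the end of a buf_size buffer the unchecked extension
 * of a cmd_len-byte command would write (0 when it fits). Pure arithmetic,
 * so it is safe to call with any lengths. */
size_t overflow_bytes(size_t buf_size, size_t cmd_len)
{
    size_t needed = cmd_len + sizeof EXT_BYTES;
    return needed > buf_size ? needed - buf_size : 0;
}

/* Vulnerable pattern: trusts cmd_len and appends 3 bytes unconditionally.
 * With cmd_len == buf_size this writes 3 bytes past the end of buf. */
int append_ext_unchecked(uint8_t *buf, size_t buf_size, size_t cmd_len, size_t *new_len)
{
    (void)buf_size;                                  /* never consulted */
    memcpy(buf + cmd_len, EXT_BYTES, sizeof EXT_BYTES);
    *new_len = cmd_len + sizeof EXT_BYTES;
    return 0;
}

/* Hardened form: validate before extending. Checking cmd_len > buf_size
 * first means buf_size - cmd_len cannot underflow. */
int append_ext_checked(uint8_t *buf, size_t buf_size, size_t cmd_len, size_t *new_len)
{
    if (buf == NULL || new_len == NULL)
        return -1;
    if (cmd_len > buf_size || buf_size - cmd_len < sizeof EXT_BYTES)
        return -1;                                   /* would overflow by up to 3 bytes */
    memcpy(buf + cmd_len, EXT_BYTES, sizeof EXT_BYTES);
    *new_len = cmd_len + sizeof EXT_BYTES;
    return 0;
}

int main(void)
{
    size_t n = 0;
    size_t full = CMD_BUF_SIZE;   /* a command that already fills the buffer */

    printf("unchecked extension of a %zu-byte command writes %zu byte(s) past the end\n",
           full, overflow_bytes(CMD_BUF_SIZE, full));
    printf("checked extension of the same command: %s\n",
           append_ext_checked(g_cmd_buf, CMD_BUF_SIZE, full, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```

overflow_bytes() is only there to make the arithmetic visible; the unchecked function is never called with an over-long command here, since that would be the real out-of-bounds write.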

March 5, 2021 · 7 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-33760) Windows Media Foundation Integer Overflow Vulnerability

CVE: CVE-2021-33760 Tested Versions: mfsrcsnk.dll 10.0.18362.836 Product URL(s): https://www.microsoft.com/ Description of the vulnerability An integer overflow leads to an OOB read when parsing an MP3 header. The crash can be triggered by navigating into the folder containing the POC file. The crash happens inside mfsrcsnk.dll when parsing the MP3 header. Stack trace: (582c.420c): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled....

February 27, 2021 · 3 min · Phan Thanh Duy (@PTDuy), Brandon Chong, Cao Yi Tian

(CVE-2021-34503) Windows Media Foundation Type Confusion Vulnerability

CVE: CVE-2021-34503 Tested Versions: mfsrcsnk.dll 10.0.18362.836 Product URL(s): https://www.microsoft.com/ Description of the vulnerability There is a type confusion when parsing the metadata of the QuickTime video file format that leads to OOB access on heap memory. The vulnerability can be triggered by navigating into a folder containing the POC file, and also from inside Internet Explorer and Microsoft Edge. The crash happens inside mfmp4srcsnk.dll when parsing CQTSampleDescriptionAtom. Stack trace: (2154.3bf0): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling....

February 27, 2021 · 4 min · Phan Thanh Duy (@PTDuy)

(CVE-2021-1758) macOS/iOS CoreText Out-Of-Bounds Read

CVE: CVE-2021-1758 Tested Versions: macOS Catalina 10.15.4 (19E287) Product URL(s): https://apple.com Description of the vulnerability This vulnerability exists in libFontParser.dylib, part of the CoreText library, which is widely used in macOS, iOS and iPadOS to parse and draw text. It allows an attacker to read the memory of any application that uses the CoreText API. macOS/iOS defines a font format structure, the Mac Resource Fork font, that wraps a Type 1 PostScript font or a TrueType font....

February 10, 2021 · 6 min · Peter Nguyễn Vũ Hoàng

(CVE-2021-1790) macOS/iOS CoreText libhvf Out-Of-Bounds Read

CVE: CVE-2021-1790 Tested Versions: macOS Catalina 10.15.4 (19E287) Product URL(s): https://apple.com Description of the vulnerability This vulnerability exists in libhvf.dylib, part of the CoreText library, which is widely used in macOS, iOS and iPadOS to parse fonts. An attacker can craft a malicious PDF containing a malicious font that could lead to remote code execution. libhvf.dylib is used to parse the HierVariation table in TrueType fonts. libhvf.dylib is a feature of libFontParser....

February 10, 2021 · 7 min · Peter Nguyễn Vũ Hoàng

(CVE-2020-24430) Adobe Acrobat Pro DC FDF.addContact Use-After-Free Vulnerability

CVE: CVE-2020-24430 Tested Versions: Adobe Reader DC 2020.012.20041 Product URL(s): https://adobe.com Description of the vulnerability Adobe Acrobat is a family of application software and web services developed by Adobe Inc. to view, create, manipulate, print and manage files in Portable Document Format (PDF). There is a UAF bug when Adobe Acrobat DC executes JavaScript related to the FDF.addContact function. The following is the crash context (with page heap enabled):...

August 21, 2020 · 5 min · Alan Chang Enze

(CVE-2020-13937) Apache Kylin - Unauthenticated Configuration Disclosure

CVE: CVE-2020-13937 Tested Versions: All versions starting from 2.0.0 up to 2.3.2, all versions starting from 2.4.0 up to 2.4.1, all versions starting from 2.5.0 up to 2.5.2, all versions starting from 2.6.0 up to 2.6.6, all versions starting from 3.0.0 up to 3.0.2, version 3.1.0 Product URL(s): http://kylin.apache.org/ Description of the vulnerability There is an unauthenticated configuration disclosure via the /kylin/api/admin/config GET API endpoint. The getConfig() method of AdminController....

July 17, 2020 · 3 min · Ngo Wei Lin (@Creastery)