VYPR

Cscape

by Cscape

CVEs (7)

  • CVE-2021-33015HigAug 25, 2021
    risk 0.51cvss 7.8epss 0.01

    Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write via an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current…

  • CVE-2021-32995HigAug 25, 2021
    risk 0.51cvss 7.8epss 0.01

    Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute code in the context of the current process.

  • CVE-2021-32975HigAug 25, 2021
    risk 0.51cvss 7.8epss 0.01

    Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process.

  • CVE-2021-22682HigApr 23, 2021
    risk 0.51cvss 7.8epss 0.00

    Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to modify the binaries and configuration files and lead to local privilege escalation.

  • CVE-2021-22678HigApr 23, 2021
    risk 0.51cvss 7.8epss 0.01

    Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process.

  • CVE-2019-6555HigFeb 28, 2019
    risk 0.51cvss 7.8epss 0.02

    Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may allow an attacker to read confidential information and remotely execute arbitrary code.

  • CVE-2018-19005HigDec 20, 2018
    risk 0.51cvss 7.8epss 0.02

    Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation vulnerability has been identified that may be exploited by processing specially crafted POC files lacking user input validation. This may allow an attacker to read confidential information and remotely execute…