CVE-2021-35005

CVSS v3 Score: 3.3 (Low)
CVSS v2 Score: 2.1 (Low)

Vulnerability Description

This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-13818.

CVSS: 2.7 (Low)

In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash...

CVSS: 4.0 (Medium)

In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.

CVSS: 4.0 (Medium)

In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.

CVSS: 4.3 (Medium)

If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101.

CVSS: 4.3 (Medium)

O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler.

CVSS: 4.4 (Medium)

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via ...