The vulnerability of the security system and the Nessus vulnerability assessment, which stems from insufficient validation of input data, allows attackers to elevate their privileges to the root or NT AUTHORITY/SYSTEM level on the Nessus host.

The vulnerability of the Nessus security system and its vulnerability assessment are related to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to elevate their privileges to the root or NT AUTHORITY/SYSTEM level on the Nessus...

The vulnerability of the professional video editing software Adobe Premiere Pro, related to access to an uninitialized pointer, allows a hacker to gain unauthorized access to protected information.

The vulnerability of the professional video editing software Adobe Premiere Pro lies in the access to an uninitialized pointer. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created file...

CVE-2023-6142

Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim...

CVE-2023-44365 ZDI-CAN-21931: Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability

Adobe Acrobat Reader versions 23.006.20360 and earlier and 20.005.30524 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a...

The vulnerability of the `calc_output_single` function in the `src_sinc.c` component of the Secret Rabbit Code frequency conversion library, which allows a intruder to cause a service failure.

The vulnerability of the calcoutputsingle function in the srcsinc.c component of the Secret Rabbit Code frequency conversion library is related to reading data from buffer memory beyond its allowable limits. Exploiting this vulnerability allows a remote attacker to cause a service failure through...

The vulnerability of the processCanonCameraInfo function in the LibRaw image processing library allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the processCanonCameraInfo function in the LibRaw image processing library is related to the output of operations that go beyond buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity,...

The vulnerability of the cplus-dem.c component of the GNU Binutils development environment allows a attacker to trigger a service failure.

The vulnerability of the cplus-dem.c component of the GNU Binutils development environment is related to the allocation of unlimited memory. Exploiting this vulnerability allows a remote attacker to cause a service failure using a specially created file...

The vulnerability of the Adobe Photoshop graphic editor, related to writing beyond the buffer boundaries in memory, allows a hacker to execute arbitrary code.

The vulnerability of the Adobe Photoshop graphic editor is related to the writing of data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...

The vulnerability of the Adobe Photoshop graphic editor, related to reading data beyond the buffer in memory, allows attackers to disclose protected information.

The vulnerability of the Adobe Photoshop graphic editor is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to disclose protected information by opening a specially created file...

The vulnerability of the 3D model texturing program Adobe Substance 3D Designer lies in its memory usage after it is freed, allowing an attacker to execute arbitrary code.

The vulnerability of the 3D model texturing program Adobe Substance 3D Designer is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created USD file...

PT-2023-22129 · Autodesk · Autodesk Autocad

Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD versions 2023 through 2024 Description: A maliciously crafted CATPART file can cause an Out-Of-Bounds Write when parsed through the software. This can be leveraged by a malicious actor to cause a crash, read sensitive data, o...

The vulnerability of the Microsoft Visual Studio software development tool lies in its lack of access control mechanisms, which allows attackers to escalate their privileges.

The vulnerability of Microsoft Visual Studio, a software development tool, is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created file...

PT-2023-5061 · 3D Viewer · 3D Viewer

Name of the Vulnerable Software and Affected Versions: 3D Viewer affected versions not specified Description: The issue is related to insufficient input validation in the 3D Viewer, which can be exploited to execute arbitrary code using a specially crafted file. Recommendations: At the moment,...

CVE-2022-28832

Adobe InDesign versions 17.1 and earlier and 16.4.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context...

The vulnerability of the require_once component in the PHP-Fusion CMS system allows a hacker to execute arbitrary code.

The vulnerability of the requireonce component in the PHP-Fusion CMS system relates to the ability to implement functionality from an untrusted management environment. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a specially crafted php file...

CVE-2023-20266

A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected...

CVE-2020-24294

Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 r1859 allows remote attackers to cuase a denial of service via opening of crafted psd file...

UBUNTU-CVE-2020-18232

Buffer Overflow vulnerability in function H5Sclose in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file...

The vulnerability of the OpenImageIO image processing library, which allows a hacker to trigger a service failure.

The vulnerability of the OpenImageIO image processing library is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause a service failure through the use of a specially created file...

CVE-2021-43759 Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Media Encoder versions 22.0, 15.4.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in th...