1598 matches found
CVE-2021-46588
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
AZL-44088 CVE-2022-0562 affecting package openjpeg2 2.3.1-12
Null source pointer passed as an argument to memcpy function within TIFFReadDirectory in tifdirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c...
Improper Access Control in liukuo362573/yishaadmin
Description: https://www.github.com/liukuo362573/yishaadmin has an endpoint "/admin/File/UploadFile" that allows uploading files without authentication. Root cause: The server doesn't check the user's permission when an attacker accesses the endpoint. After that, the server will directly call the UploadFile function wi...
CVE-2022-22539
When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE...
Format string
When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with the...
CVE-2022-22538
When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with...
CVE-2021-46157
A vulnerability has been identified in Simcenter Femap V2020.2 All versions, Simcenter Femap V2021.1 All versions. Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process...
USN-4987-2: ExifTool vulnerability
USN-4987-1 fixed a vulnerability in ExifTool. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS or...
[SECURITY] Fedora 35 Update: python-pillow-8.3.2-2.fc35
Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (developmen...
[SECURITY] Fedora 34 Update: python-pillow-8.1.2-6.fc34
Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (developmen...
Mageia: Security Advisory (MGASA-2020-0258)
The remote host is missing an update for the...
CVE-2021-40159
An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process...
Error: "Invalid File Format" while submitting a CSR on tools.xm.citrix.com
When submitting the CSR, the admin receives: "Error: Invalid File format". The CSR is generated via IIS according to the documentation: https://docs.citrix.com/en-us/xenmobile/server/authentication/apns.html...
CVE-2021-34940
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
CVE-2021-34890
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
SAP 3D Visual Enterprise Viewer Input Validation Error Vulnerability (CNVD-2022-33131)
SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP Germany. The software supports publishing 2D and 3D scenes in all industry-standard desktop applications and supports separate installations as standalone executables and ActiveX spaces. SAP 3D Visual Enterprise Viewer version 9.0 is...
IDEC PLC Security Vulnerability
The IDEC PLC is a programmable controller. A security vulnerability exists in the IDEC PLC that can be exploited by an attacker to obtain user credentials from a file server, a backup repository, or a ZLD file saved on an SD card...
CVE-2021-42069
When a user opens a manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application...
Format string
When a user opens a manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application...