23182 matches found
The vulnerability in the mainfunction.cgii web interface of DrayTek Vigor software allows a hacker to execute arbitrary code.
The vulnerability in the mainfunction.cgii web interface of the DrayTek Vigor router software system involves the use of uncontrolled format strings. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
Jinja 安全漏洞
Jinja is a fast, expressive and extensible template engine open-sourced by Pallets. A security vulnerability exists in Jinja versions prior to 3.1.5, which stems from a sandbox environment that detects improperly called str.format, allowing an attacker who controls the content of a template to...
The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory. This allows attackers to execute arbitrary code.
The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory when processing PAR format files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of Siemens Solid Edge’s design and simulation tools, related to a countable loss of significance, allows attackers to execute arbitrary code.
The vulnerability of Siemens Solid Edge’s design and simulation tools is related to a countable amount of significance loss during the processing of PAR format files. Exploiting this vulnerability can allow attackers to execute arbitrary code...
The vulnerability of PDF viewing and editing programs such as Acrobat Document Cloud, Adobe Reader Document Cloud, Adobe Reader, and Adobe Acrobat lies in their memory management after memory is freed. This allows attackers to execute arbitrary code.
The vulnerability of PDF viewing and editing programs like Acrobat Document Cloud, Adobe Reader Document Cloud, Adobe Reader, and Adobe Acrobat is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially create...
The vulnerability of the format_channel_mask function in the Gstreamer multimedia framework, which allows a hacker to trigger a service failure.
The vulnerability of the formatchannelmask function in the Gstreamer multimedia framework relates to reading data beyond the allowed range of memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
Important: ghostscript
Issue Overview: PS interpreter - check the type of the Pattern Implementation NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707991 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8 NOTE:...
The Windows Registry Adventure #5: The regf file format
Posted by Mateusz Jurczyk, Google Project Zero As previously mentioned in the second installment of the blog post series "A brief history of the feature", the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special,...
CVE-2024-12670
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
CVE-2024-12191
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...
CVE-2024-12178
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...
The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation and Teamcenter Visualization systems for modeling systems and processes involves allowing operations to escape from memory buffers, enabling attackers to execute arbitrary code or cause service failures.
The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation and Teamcenter Visualization’s Product Lifecycle Management system lies in the execution of operations beyond the buffer in memory when processing WRL format files. Exploiting this vulnerability can allow attacke...
Autodesk Navisworks 安全漏洞
Autodesk Navisworks is a 3D model review software for architecture, engineering and construction from Autodesk, Inc. in the United States. A security vulnerability exists in Autodesk Navisworks version 2025, which originates from a maliciously crafted DWFX file that triggers an out-of-bounds writ...
PT-2024-9972 · Autodesk · Autodesk Navisworks Manage +2
Name of the Vulnerable Software and Affected Versions: Autodesk Navisworks Freedom affected versions not specified Autodesk Navisworks Simulate affected versions not specified Autodesk Navisworks Manage affected versions not specified Description: A maliciously crafted DWF file, when parsed throu...
The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation and Teamcenter Visualization systems for modeling systems and processes involves allowing operations to escape from memory buffers, enabling attackers to execute arbitrary code or cause service failures.
The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation and Teamcenter Visualization’s Product Lifecycle Management system lies in the execution of operations beyond the buffer in memory when processing WRL-formatted files. Exploiting this vulnerability can allow...
Autodesk Navisworks 安全漏洞
Autodesk Navisworks is a 3D model review software for architecture, engineering and construction from Autodesk, Inc. in the United States. A security vulnerability exists in Autodesk Navisworks, which can be exploited to cause a crash, data corruption, or execution of arbitrary code in the...
Autodesk Navisworks 安全漏洞
Autodesk Navisworks is a 3D model review software for architecture, engineering and construction from Autodesk, Inc. in the United States. A security vulnerability exists in Autodesk Navisworks that originates from an out-of-bounds write that can be enforced when parsing a maliciously crafted DWF...
Autodesk Navisworks 安全漏洞
Autodesk Navisworks is a 3D model review software for architecture, engineering and construction from Autodesk, Inc. in the United States. A security vulnerability exists in Autodesk Navisworks version 2025, which originates from a maliciously crafted DWF file that can cause an out-of-bounds writ...
Autodesk Navisworks 缓冲区错误漏洞
Autodesk Navisworks is a 3D model review software for architecture, engineering, and construction from Autodesk, Inc. A buffer error vulnerability exists in Autodesk Navisworks, which originates from parsing a maliciously crafted DWF file can be used to cause a heap overflow, which can be exploit...
PT-2024-9974 · Autodesk · Autodesk Navisworks Manage +2
Name of the Vulnerable Software and Affected Versions: Autodesk Navisworks Freedom affected versions not specified Autodesk Navisworks Simulate affected versions not specified Autodesk Navisworks Manage affected versions not specified Description: A maliciously crafted DWFX file, when parsed...