72 matches found
PT-2025-33486 · Autodesk · Autocad
Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD affected versions not specified Description: A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can trigger an Out-of-Bounds Read issue. A malicious actor can exploit this to cause a crash, read...
SUSE-SU-2025:02362-1 Security update for coreutils
This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data bsc1243767...
AZL-66704 CVE-2025-4598 affecting package kernel for versions less than 5.15.186.1-1
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the origina...
CVE-2025-43564
Adobe ColdFusion (versions 2025.1, 2023.13, 2021.19 and earlier) is affected by an Improper Access Control vulnerability that can allow arbitrary file system read. The issue stems from improper access restrictions and could let a high-privileged attacker access or modify sensitive data without au...
CVE-2025-43563
CVE-2025-43563 affects Adobe ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier. It is an Improper Access Control vulnerability that could enable an attacker with high privileges to perform an arbitrary file system read, potentially accessing or modifying sensitive data. Exploitation requir...
PT-2025-6247 · Ivanti · Ivanti Policy Secure +1
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.3 Ivanti Policy Secure versions prior to 22.7R1.3 Description: A hardcoded key in the software allows a local authenticated attacker with admin privileges to read sensitive data. Recommendations:...
CVE-2024-38864 User-Readable Private Key in Windows Agent
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk 2.3.0p23, 2.2.0p38 and = 2.1.0p49 EOL allows a local attacker to read sensitive data...
PT-2024-9973 · Autodesk · Autodesk Navisworks Manage +2
Name of the Vulnerable Software and Affected Versions: Autodesk Navisworks Freedom affected versions not specified Autodesk Navisworks Simulate affected versions not specified Autodesk Navisworks Manage affected versions not specified Description: A maliciously crafted DWFX file can cause a...
Red Hat Keycloak 安全漏洞
Red Hat Keycloak is a suite of software from Red Hat USA that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak. An attacker exploiting the vulnerability could read sensitive information...
Autodesk AutoCAD 安全漏洞
Autodesk AutoCAD is a suite of professional 3D drawing software from Autodesk, Inc. in the United States. Autodesk AutoCAD suffers from a buffer error vulnerability that originates when a maliciously crafted DWG file is parsed, which may force an out-of-bounds write to occur, which can be exploit...
Autodesk AutoCAD 安全漏洞
Autodesk AutoCAD is a set of professional 3D drawing software from the American Autodesk Corporation. A security vulnerability exists in Autodesk AutoCAD, which can be exploited by an attacker to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
Autodesk AutoCAD 安全漏洞
Autodesk AutoCAD is a set of professional 3D drawing software from the American Autodesk Corporation. A memory misreference vulnerability exists in Autodesk AutoCAD, which can be exploited by an attacker to cause a crash, read sensitive data, or execute arbitrary code in the context of the curren...
CVE-2023-44254
An authorization bypass through user-controlled key CWE-639 vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request...
Apple macOS 安全漏洞
Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability previously existed in Apple macOS Sonoma version 14, which stemmed from an application that may be able to read sensitive location information...
PT-2024-37624 · Rockwell Automation · Pavilion8
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A privilege escalation issue exists in the affected products, allowing a malicious user with basic privileges to access functions that should only be...
Rockwell Automation Pavilion8 安全漏洞
Rockwell Automation Pavilion8 is a model prediction console from Rockwell Automation. An elevation of privilege vulnerability exists in Rockwell Automation Pavilion 8, which can be exploited by an attacker to read sensitive data and create users...
Xen 安全漏洞
Xen is an open source virtual machine monitor product from the University of Cambridge UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen that...
CVE-2024-23127
A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSWDLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the...
Dell OS Recovery Tool 安全漏洞
Dell OS Recovery Tool is a system recovery tool. When the user's Dell computer fails to enter the system due to hard disk replacement/corruption or software reasons, the recovery USB flash drive created by Dell OS Recovery Tool can be used to restore the factory system settings of the Dell comput...
CVE-2023-44249
An authorization bypass through user-controlled key CWE-639 vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests...