295 matches found
CVE-2024-49525
CVE-2024-49525 affects Substance3D Painter up to version 10.1.0, where a heap-based buffer overflow could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Public sources consistently describe the issue a...
CVE-2024-49519 Substance3D - Painter | Out-of-bounds Write (CWE-787)
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2024-47432 Substance3D - Painter | Out-of-bounds Write (CWE-787)
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2024-47426 Substance3D - Painter | Double Free (CWE-415)
Substance3D - Painter versions 10.1.0 and earlier are affected by a Double Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2024-52286 Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes an untrusted user-supplied file name and uses it directly in the creation of HTML pages, allowing any unauthenticated user to execute JavaScript code...
CVE-2024-45141 Substance3D - Stager | Out-of-bounds Write (CWE-787)
Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2024-45140 Substance3D - Stager | Out-of-bounds Write (CWE-787)
Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2024-20781
Summary: Adobe InDesign Desktop (ID18.5.2, ID19.3 and earlier) is affected by a heap-based buffer overflow that could enable arbitrary code execution in the user’s context. Exploitation requires a user to open a malicious file. Connected advisories (APSB24-48) indicate a security update is availa...
CVE-2024-34096 ZDI-CAN-23472: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2023-42105
Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit...
Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the getParams method...
CVE-2024-20744 Adobe Substance 3D Paint PICT Parsing Access Violation Write Vulnerability
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2024-20742 Adobe Substance 3D Paint RAS File Parsing Out-Of-Bounds Read Vulnerability
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...
Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Adobe ColdFusion Deserialization Vulnerability (CNVD-2024-25608)
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a deserialization vulnerability that arises from unsafe deserialization of...
(0Day) Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...
CVE-2022-28304
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2022-43617
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2023-25883 ZDI-CAN-19386: Adobe Dimension FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Adobe Dimension versions 3.4.7 and earlier are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2023-25880 ZDI-CAN-19412: Adobe Dimension GLTF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Adobe Dimension versions 3.4.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...