1916 matches found
Bentley View J2K File Parsing Memory Misreference Vulnerability
Bentley View is a free viewer from Bentley Systems, Inc. A memory mis-reference vulnerability exists in Bentley View J2K File Parsing, which results from not verifying the existence of an object prior to J2K File Parsing. An attacker could exploit this vulnerability to execute code in the context...
Autodesk Navisworks code issue vulnerability
Autodesk Navisworks is a 3D model review software for architecture, engineering and construction from Autodesk, Inc. A code issue vulnerability exists in Autodesk Navisworks, which can be exploited by attackers to execute code via a maliciously crafted DLL file...
Bentley View DGN File Parsing Stack Buffer Overflow Vulnerability
Bentley View, a free viewer from Bentley Systems, Inc. A stack buffer overflow vulnerability exists in Bentley View DGN file parsing, which stems from a lack of proper validation of the length of user-supplied data before it is copied to the heap buffer in DGN file parsing. An attacker could...
CVE-2021-20045
CVE-2021-20045 is a buffer overflow vulnerability in SonicWall SMA100 series, specifically the sonicfiles RAC_COPY_TO (RacNumber 36) method, that allows a remote unauthenticated attacker to execute code as the nobody user on SMA 200, 210, 400, 410 and 500v appliances. Connected sources confirm af...
CVE-2021-20043
A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances...
CVE-2021-20038
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's modcgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware...
Fortinet FortiWeb 缓冲区错误漏洞
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A buffer overflow vulnerability exists that...
CVE-2021-44047
A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end ...
elecom lan 跨站脚本漏洞
elecom lan is a router from Elecom Japan. A cross-site scripting vulnerability exists in elecom lan that stems from insufficient cleaning of user-supplied data. An authenticated, remote attacker could trick a victim into visiting specially crafted links within the context of a vulnerable website...
Design/Logic Flaw
A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the...
Open Design Alliance Drawings SDK has an unspecified vulnerability (CNVD-2021-89165)
Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The package provides access to data in .dwg and .dgn through a convenient, object-oriented API, providing a C API, support for repair files, support for . An out - bound...
Cross site scripting
An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file an invalid dash counter in line types can trigger a read past the end of an allocated...
Directory traversal
ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code...
Microsoft Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Windows Scripting is a scripting language for the Windows operating system from Microsoft Corporation USA.A memory corruption vulnerability exists in the Microsoft Chakra Scripting Engine, which can be exploited by attackers to execute code on the target host...
CVE-2021-32022
A low privileged delete vulnerability using CEF RPC server of BlackBerry Protect for Windows versions versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system and gaining the ability to delete...
Denial of service
A denial of service vulnerability in the message broker of BlackBerry Protect for Windows versions versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system...
Privilege escalation
An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows versions versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system...
Design/Logic Flaw
A low privileged delete vulnerability using CEF RPC server of BlackBerry Protect for Windows versions versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system and gaining the ability to delete...
CVE-2021-32022
A low privileged delete vulnerability using CEF RPC server of BlackBerry Protect for Windows versions versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system and gaining the ability to delete...
CVE-2021-32022
Affected software: BlackBerry Protect for Windows (Cylance) up to version 1574. Issue: a low-privileged attacker could abuse the CEF RPC server to execute code in the context of the privileged Cylance service and gain the ability to delete data on the local system. Root cause described in public ...