Lucene search
K

81 matches found

Vulnrichment
Vulnrichment
added 2023/01/26 12:0 a.m.8 views

CVE-2022-42371

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS7.2AI score0.00386EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.5 views

Siemens Parasolid 缓冲区错误漏洞

An out-of-bounds write vulnerability exists in Siemens Parasolid, a geometric modeling kernel from Siemens, Germany, due to an out-of-bounds write beyond the end of the allocation structure contained in a specially crafted XB file parsed by the affected application. The vulnerability allows an...

7.8CVSS7.3AI score0.0051EPSS
Exploits0References5
Veracode
Veracode
added 2022/11/23 9:21 a.m.24 views

OS Command Injection

apacheairflowprovidersapachepig is vulnerable to os command injection. The vulnerability in due to the application allowing an attacker to control commands executed in the task execution context, allowing an attacker to inject and execute arbitrary OS commands...

9.8CVSS9.7AI score0.03944EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/22 12:30 p.m.37 views

OS Command Injection in Apache Airflow

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airfl...

9.8CVSS9.1AI score0.03228EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/11/22 10:15 a.m.26 views

Command injection

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airfl...

7.5CVSS9.7AI score0.03228EPSS
Exploits0References2Affected Software2
Code423n4
Code423n4
added 2022/08/01 12:0 a.m.11 views

Attacker can steal all the wrapped tokens, ether or native currency contained in the ReceiverImplementation contract

Lines of code Vulnerability details Impact since all the functions in the ReceiverImplemention are all designed to be called by DepositBase and AxelarDepositService, why not create a simple modifer to check if msg.sender equals either of the two when a delegatecall or call occurs, like so modifie...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/14 3:15 a.m.24 views

Special top object can be used to access Struts' internals

ValueStack defines special top object which represents root of execution context. It can be used to manipulate Struts' internals or can be used to affect container's settings. Applying better regex which includes pattern to exclude request parameters trying to use top object. This issue was patch...

7.5CVSS7.5AI score0.09063EPSS
Exploits0References4Affected Software1
Code423n4
Code423n4
added 2022/04/11 12:0 a.m.9 views

_execute can potentially reorder a batch of commands while executing, breaking any assumptions on command orders.

Lines of code Vulnerability details Impact Since this is important, we quote it again instead of referring to our other bug report on a different, yet related bug. The context within which a command is executed is extremely important. AxelarGatewayMultisig.execute takes a signed batch of commands...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2022/01/11 12:0 a.m.6 views

Adobe Acrobat Reader缓冲区错误漏洞

Acrobat Reader DC is an excellent PDF file reader developed by Adobe. Adobe Acrobat Reader DC has a buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary code in the context of the current user...

9.3CVSS6.5AI score0.29951EPSS
Exploits0References5
Prion
Prion
added 2021/12/14 12:15 p.m.24 views

Stack overflow

A vulnerability has been identified in JT Utilities All versions V13.1.1.0, JTTK All versions V11.1.1.0. JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the...

6.8CVSS7.8AI score0.00869EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2021/12/14 12:15 p.m.17 views

Default credentials

A vulnerability has been identified in Simcenter STAR-CCM+ Viewer All versions 2021.3.1. The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could...

6.8CVSS7.7AI score0.00814EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2021/12/01 12:0 a.m.18 views

Open Design Alliance Drawings SDK Out-of-Bounds Writing Vulnerability (CNVD-2022-01426)

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The package provides access to data in .dwg and .dgn through a convenient, object-oriented API, C API, support for repair files, support for . The vulnerability can be...

7.8CVSS3.6AI score0.00814EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/10/13 12:0 a.m.5 views

The vulnerability of Autodesk Navisworks software lies in the ability to write code beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code in the context of the current user.

The vulnerability of Autodesk Navisworks software lies in the writing of data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the context of the current user, using a specially created DWG file...

9.3CVSS7.8AI score0.00957EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2021/06/08 8:15 p.m.18 views

CVE-2021-27390

A vulnerability has been identified in JT2Go All versions V13.1.0.3, Teamcenter Visualization All versions V13.1.0.3. The TIFFloader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end...

7.8CVSS0.01811EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/10/14 12:0 a.m.7 views

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are related to the use of a null pointer pointer, which allows attackers to execute arbitrary code.

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are related to the use of a null pointer. Exploiting these vulnerabilities can allow an attacker...

10CVSS8.3AI score0.04413EPSS
Exploits0References3
OSV
OSV
added 2020/09/16 3:15 p.m.8 views

CVE-2020-24890

libraw 20.0 has a null pointer dereference vulnerability in parsetiffifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way...

5.5CVSS7.3AI score
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2020/08/04 12:0 a.m.22 views

Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

7.8CVSS4.8AI score0.12042EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/05/25 12:0 a.m.28 views

Adobe Premiere Pro MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

3.3CVSS2.9AI score0.02677EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2020/03/29 2:10 a.m.52 views

CVE-2019-16935

A reflected cross-site scripting XSS vulnerability was found in Python XML-RPC server. The servertitle field is not sufficiently sanitized allowing malicious JavaScript to be injected. Successful exploitation would allow a remote attacker to execute JavaScript code within the context of the...

6.1CVSS2.7AI score0.04653EPSS
Exploits1References3
CNVD
CNVD
added 2019/11/13 12:0 a.m.1 views

Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CNVD-2019-42802)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A scripting engine memory corruption vulnerability exists in Microsoft Edge based on EdgeHTML. The vulnerability stems from a problem in the way the scripting engine handles objects in...

7.6CVSS7.2AI score0.09374EPSS
Exploits0References1
Rows per page
Query Builder